Описание
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-17532
- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection
- http://packetstormsecurity.com/files/149777/Teltonika-RUT9XX-Unauthenticated-OS-Command-Injection.html
- http://seclists.org/fulldisclosure/2018/Oct/27
Связанные уязвимости
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Уязвимость сценариев autologin.cgi и hotspotlogin.cgi микропрограммного обеспечения маршрутизаторов Teltonika RUT955, позволяющая нарушителю выполнять произвольные команды с root привилегиями