Description
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-8116
- https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb
- https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb
- https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution
Related vulnerabilities
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
Vulnerability in the management interface of the Teltonika RUT9XX router firmware that allows an attacker to execute arbitrary commands with root privileges