CVE-2014-9118

Опубликовано: 17 окт. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

Ссылки

http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Oct/57
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/536663/100/0/threaded
https://www.exploit-db.com/exploits/38453/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Oct/57
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/536663/100/0/threaded
https://www.exploit-db.com/exploits/38453/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dasanzhone:znid_2426a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dasanzhone:znid_2426a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.52287

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-8fhg-9q98-67hg