CVE-2017-17867

Опубликовано: 04 янв. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

Ссылки

http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998
https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/43428/
Exploit
Third Party Advisory
VDB Entry
http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998
https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/43428/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:intenogroup:iopsys:*:*:*:*:*:*:*:*

Версия от 2.0 (включая) до 3.14 (включая)

cpe:2.3:h:intenogroup:iopsys:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19814

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-wj28-hq3x-wg9p