Описание
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:billion:5200w-t_firmware:1.02b:rc5.dt49:*:*:*:*:*:*
cpe:2.3:h:billion:5200w-t:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.87496
Высокий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.
EPSS
Процентиль: 99%
0.87496
Высокий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78