Описание
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.6 (включая) до 1.1.12 (включая)
Одновременно
cpe:2.3:o:cerio:dt-300n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cerio:dt-300n:-:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.70822
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.
EPSS
Процентиль: 99%
0.70822
Высокий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78