Описание
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:technicolor:td5130v2_firmware:oi_fw_v20:*:*:*:*:*:*:*
cpe:2.3:h:technicolor:td5130v2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.56804
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017?14127.
EPSS
Процентиль: 98%
0.56804
Средний
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78