Описание
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:phicomm:k2\(psg1218\)_firmware:22.5.9.163:*:*:*:*:*:*:*
cpe:2.3:h:phicomm:k2\(psg1218\):-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.16616
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
EPSS
Процентиль: 95%
0.16616
Средний
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78