CVE-2019-3496

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials.

Ссылки

http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Jan/23
Exploit
Mailing List
Third Party Advisory
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Jan/23
Exploit
Mailing List
Third Party Advisory
https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:indionetworks:unibox_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:indionetworks:unibox:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07366

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-9vf7-jg37-jgj4