CVE-2020-15357

Опубликовано: 11 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.

Ссылки

https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
Exploit
Third Party Advisory
https://starlabs.sg/advisories/
Exploit
Third Party Advisory
https://www.askey.com.tw/incident_report_notifications.html
Vendor Advisory
https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
Exploit
Third Party Advisory
https://starlabs.sg/advisories/
Exploit
Third Party Advisory
https://www.askey.com.tw/incident_report_notifications.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:askey:ap5100w_firmware:*:*:*:*:*:*:*:*

Версия до 1.01.097 (включая)

cpe:2.3:h:askey:ap5100w:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06076

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-pm7g-wr2h-x45m