Описание
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*
cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00668
Низкий
6.7 Medium
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
EPSS
Процентиль: 71%
0.00668
Низкий
6.7 Medium
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-78