CVE-2021-43283

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the ping and traceroute features. An attacker would thus be able to use this vulnerability to open a reverse shell on the device with root privileges.

Ссылки

https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
Exploit
Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit
Third Party Advisory
https://research.nccgroup.com/2021/11/12/technical-advisory-multiple-vulnerabilities-in-victure-wr1200-wifi-router-cve-2021-43282-cve-2021-43283-cve-2021-43284/
Exploit
Third Party Advisory
https://www.nccgroup.trust/us/our-research/?research=Technical+advisories
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:govicture:wr1200_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.3 (включая)

cpe:2.3:h:govicture:wr1200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03876

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-mw64-2c3h-ccp9

github

около 4 лет назад