Описание
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
Ссылки
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.9.90 (исключая)
Одновременно
cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00243
Низкий
7.8 High
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 7.8
github
около 3 лет назад
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
EPSS
Процентиль: 47%
0.00243
Низкий
7.8 High
CVSS3
Дефекты
CWE-78
CWE-78