Описание
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.18.15r (исключая)
Одновременно
cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.20768
Средний
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 6.8
github
больше 2 лет назад
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.
EPSS
Процентиль: 95%
0.20768
Средний
6.8 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-77
CWE-77