Описание
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.18.15r (исключая)
Одновременно
cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.04132
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.
EPSS
Процентиль: 88%
0.04132
Низкий
8.8 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-434