Описание
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-ar300m:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.15671
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
EPSS
Процентиль: 95%
0.15671
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78