Описание
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:f-logic:datacube3_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:f-logic:datacube3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02223
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-77
EPSS
Процентиль: 84%
0.02223
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-77