Описание
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
Ссылки
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:niceforyou:gefen_webfwc:1.70v:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.22:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:a:niceforyou:gefen_webfwc:1.85h:*:*:*:*:*:*:*
cpe:2.3:a:niceforyou:gefen_webfwc:1.86v:*:*:*:*:*:*:*
cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.310:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00267
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 6.5
github
9 месяцев назад
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
EPSS
Процентиль: 50%
0.00267
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-77