Описание
In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
Ссылки
- Broken Link
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:linksys:ea6350_firmware:2.1.2:*:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6350:-:*:*:*:*:*:*:*
EPSS
Процентиль: 2%
0.00015
Низкий
3.9 Low
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 3.9
github
7 месяцев назад
In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
EPSS
Процентиль: 2%
0.00015
Низкий
3.9 Low
CVSS3
Дефекты
CWE-284