Описание
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.install_package RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges
Ссылки
- ExploitThird Party AdvisoryPress/Media Coverage
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.6.4:*:*:*:*:*:*:*
cpe:2.3:o:gl-inet:gl-axt1800_firmware:4.6.8:*:*:*:*:*:*:*
cpe:2.3:h:gl-inet:gl-axt1800:-:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00313
Низкий
8.1 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 8.1
github
30 дней назад
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges
EPSS
Процентиль: 54%
0.00313
Низкий
8.1 High
CVSS3
Дефекты
CWE-77