Описание
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Ссылки
- ExploitThird Party Advisory
- Exploit
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:utt:521g_firmware:3.1.1-190816:*:*:*:*:*:*:*
cpe:2.3:h:utt:521g:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.04239
Низкий
7.2 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-74
Связанные уязвимости
CVSS3: 7.2
github
5 месяцев назад
A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
EPSS
Процентиль: 90%
0.04239
Низкий
7.2 High
CVSS3
8.3 High
CVSS2
Дефекты
CWE-74