PT-2016-3221 · Netcomm Wireless · Netcommwireless Hspa 3G10Wve

Bhadresh Patel · Published 2016-05-03 · Updated 2018-10-09 · CVE-2015-6024

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
NetCommWireless HSPA 3G10WVE wireless routers versions prior to firmware 3G10WVE-L101-S306ETS-C01 R05

Description
The issue is related to the ping.cgi script in the router's firmware, which lacks proper input sanitization. This allows a remote authenticated user to execute arbitrary commands by injecting shell metacharacters into the DIA IPADDRESS parameter.

Recommendations
For versions prior to firmware 3G10WVE-L101-S306ETS-C01 R05, update the firmware to version 3G10WVE-L101-S306ETS-C01 R05 or later to resolve the issue. As a temporary workaround, consider restricting access to the ping.cgi script until the firmware can be updated. Avoid using the DIA IPADDRESS parameter in the ping.cgi script with untrusted input until the issue is resolved.

Exploit

Fix

Command Injection

Weakness Enumeration

Related identifiers

BDU:2017-02589
CVE-2015-6024

Affected products

Netcommwireless Hspa 3G10Wve