PT-2016-5117 · Syslink+1 · Syslink Sl-1000+1
Jeremy Allen
+1
·
Publicado
2016-04-25
·
Atualizado
2016-05-04
·
CVE-2016-2332
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware prior to 01A.8
Description
The issue allows remote authenticated users to execute arbitrary commands. This is achieved via the
dnsmasq parameter, also known as 5066, in the flu.cgi script within the web interface.Recommendations
For firmware versions prior to 01A.8, update the firmware to version 01A.8 or later to resolve the issue.
Correção
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Syslink Sl-1000
Dnsmasq