PT-2017-3370 · D Link+1 · Dsl-100Hn-T1+1
Published: 2017-10-28 · Updated: 2019-10-03
CVE-2017-16522
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MitraStar GPT-2541GNAC (HGU) version 1.00(VNJ0)b1
DSL-100HN-T1 version ES 113WJY0b16
Description
The issue is related to inadequate access control in the firmware of the affected devices. It allows remote authenticated users to gain root access by executing the /bin/sh command. This can be exploited by an attacker to obtain elevated privileges on the devices.
Recommendations
For MitraStar GPT-2541GNAC (HGU) version 1.00(VNJ0)b1, consider restricting access to the /bin/sh command until a patch is available.
For DSL-100HN-T1 version ES 113WJY0b16, restrict access to the /bin/sh command to minimize the risk of exploitation.
As a temporary workaround, consider disabling SSH connections to the devices until a fix is provided.
Exploit
Fix
Incorrect Default Permissions
Related identifiers
Affected products
Dsl-100Hn-T1
Mitrastar Gpt-2541Gnac