PT-2018-10586 · Belkin · Belkin N750

Publicado

2018-04-19

Atualizado

2019-10-03

CVE-2018-1146

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Belkin N750 version 1.10.22

Description A remote unauthenticated user can enable telnet on the device by sending a crafted HTTP request to "set.cgi". When enabled, the telnet session requires no password and provides root access.

Recommendations For version 1.10.22, as a temporary workaround, consider disabling access to the "set.cgi" endpoint until a patch is available. Restrict access to the telnet service to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1146

Produtos afetados

Belkin N750

PT-2018-10586 · Belkin · Belkin N750

CVE-2018-1146

Identificadores relacionados

Produtos afetados

Referências · 3