PT-2018-13720 · Link Net · Link-Net Lw-N605R

Publicado

2018-09-20

Atualizado

2019-10-03

CVE-2018-16752

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LINK-NET LW-N605R version 12.20.2.1486

Description The issue allows for remote code execution via shell metacharacters in the HOST field of the ping feature at "adm/systools.asp". Authentication is required, but the default password for the admin account may be used in some cases.

Recommendations For version 12.20.2.1486, consider changing the default password for the admin account and avoid using shell metacharacters in the HOST field of the ping feature at "adm/systools.asp" to minimize the risk of exploitation. As a temporary workaround, restrict access to the "adm/systools.asp" page until a patch is available.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-1188

Identificadores relacionados

CVE-2018-16752

Produtos afetados

Link-Net Lw-N605R

PT-2018-13720 · Link Net · Link-Net Lw-N605R

CVE-2018-16752

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4