PT-2019-9261 · Aterm · Aterm Wf1200Cr+1

Satoru Nagaoka

Publicado

2019-01-09

Atualizado

2019-01-17

CVE-2018-16195

CVSS v3.1

8.8

Alta

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier

Description The issue allows an attacker on the same network segment to execute arbitrary OS commands via the SOAP interface of UPnP.

Recommendations For Aterm WF1200CR versions 1.1.1 and earlier, consider disabling the UPnP feature until a patch is available. For Aterm WG1200CR versions 1.0.1 and earlier, consider disabling the UPnP feature until a patch is available.

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2018-16195

Produtos afetados

Aterm Wf1200Cr

Aterm Wg1200Cr

PT-2019-9261 · Aterm · Aterm Wf1200Cr+1

CVE-2018-16195

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4