CVE-2018-20122

Name of the Vulnerable Software and Affected Versions FASTGate Fastweb devices with firmware through 0.00.47 FW 200 Askey 2017-05-17 FASTGate Fastweb devices with software through 1.0.1b

Description The web interface on FASTGate Fastweb devices exposed a CGI binary that is vulnerable to a command injection issue, allowing remote code execution with root privileges without requiring authentication.

Recommendations For firmware through 0.00.47 FW 200 Askey 2017-05-17, update the firmware to a version later than 0.00.47 FW 200 Askey 2017-05-17. For software through 1.0.1b, update the software to a version later than 1.0.1b. As a temporary workaround, consider restricting access to the CGI binary to minimize the risk of exploitation.