PT-2023-20835 · Green Packet · Wr-1200 Indoor Unit+1

Lionel Musonza

Publicado

2023-04-04

Atualizado

2023-04-11

CVE-2023-26866

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1 GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP

Description The issue allows for remote command injection. Commands are executed before login and with root privileges, enabling complete system takeover.

Recommendations For GreenPacket OH736's WR-1200 Indoor Unit version M-IDU-1.6.0.3 V1.1, consider disabling remote access until a patch is available. For GreenPacket OH736's OT-235 version MH-46360-2.0.3-R5-GP, restrict root privileges for commands executed before login to minimize the risk of exploitation.

Exploit

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2023-26866

Produtos afetados

Ot-235

Wr-1200 Indoor Unit

PT-2023-20835 · Green Packet · Wr-1200 Indoor Unit+1

CVE-2023-26866

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4