PT-2011-5165 · Ctek · Ctek Skyrouter

Savant42 · Published 2011-12-25 · Updated 2012-02-17 · CVE-2011-5010

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ctek SkyRouter versions 4200 and 4300

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action in the apps/a3/cfg ethping.cgi endpoint.

Recommendations

For Ctek SkyRouter versions 4200 and 4300, avoid using the PINGADDRESS parameter in the affected endpoint until the issue is resolved. Restrict access to the cfg ethping.cgi endpoint to minimize the risk of exploitation.

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2011-5010

Affected Products

Ctek Skyrouter