CVE-2017-14127

Name of the Vulnerable Software and Affected Versions Technicolor TD5336 OI Fw v7

Description The issue is related to command injection in the Ping Module of the Web Interface. It allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to "mnt ping.cgi". This is due to the lack of neutralization of special elements used in the operating system command. Exploitation of this issue may allow a remote attacker to execute arbitrary operating system commands with superuser privileges using shell metacharacters.

Recommendations For Technicolor TD5336 OI Fw v7, as a temporary workaround, consider restricting access to the "mnt ping.cgi" service to minimize the risk of exploitation. Avoid using the pingAddr parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.