PT-2017-3370 · D Link+1 · Dsl-100Hn-T1+1

Published

2017-10-28

·

Updated

2019-10-03

·

CVE-2017-16522

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions MitraStar GPT-2541GNAC (HGU) version 1.00(VNJ0)b1 DSL-100HN-T1 version ES 113WJY0b16
Description The issue is related to inadequate access control in the firmware of the affected devices. It allows remote authenticated users to gain root access by executing the /bin/sh command. This can be exploited by an attacker to obtain elevated privileges on the devices.
Recommendations For MitraStar GPT-2541GNAC (HGU) version 1.00(VNJ0)b1, consider restricting access to the /bin/sh command until a patch is available. For DSL-100HN-T1 version ES 113WJY0b16, restrict access to the /bin/sh command to minimize the risk of exploitation. As a temporary workaround, consider disabling SSH connections to the devices until a fix is provided.

Exploit

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-276CWE-264

Related Identifiers

BDU:2018-00152
CVE-2017-16522

Affected Products

Dsl-100Hn-T1
Mitrastar Gpt-2541Gnac