PT-2018-10418 · Softcase · Tc Router

George Zaytsev

Published

2018-09-21

Updated

2020-08-24

CVE-2018-11240

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SoftCase T-Router build 20112017

Description An issue was discovered where there are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, this allows code execution both on the other modem and on the main servers.

Recommendations For SoftCase T-Router build 20112017, update to a production build from Spring 2018 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'exec command' feature to minimize the risk of exploitation.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-11240

Affected Products

Tc Router

PT-2018-10418 · Softcase · Tc Router

CVE-2018-11240

Weakness Enumeration

Related Identifiers

Affected Products

References · 3