PT-2018-10586 · Belkin · Belkin N750
Published: 2018-04-19 · Updated: 2019-10-03 · CVE-2018-1146
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Belkin N750 version 1.10.22
Description
A remote unauthenticated user can enable telnet on the device by sending a crafted HTTP request to "set.cgi". When enabled, the telnet session requires no password and provides root access.
Recommendations
For version 1.10.22, as a temporary workaround, consider disabling access to the "set.cgi" endpoint until a patch is available. Restrict access to the telnet service to minimize the risk of exploitation.
Affected Products
Belkin N750