PT-2018-13083 · Actiontec · Actiontec T2200H
Published
2018-08-20
·
Updated
2018-11-01
·
CVE-2018-15553
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Actiontec T2200H version T2200H-31.128L.03
Description
The issue allows OS Command Injection via shell metacharacters in the
smbdUserid or smbdPasswd field of the fileshare.cmd on the affected device.Recommendations
For version T2200H-31.128L.03, as a temporary workaround, consider restricting access to the
fileshare.cmd to minimize the risk of exploitation. Avoid using shell metacharacters in the smbdUserid or smbdPasswd field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Actiontec T2200H