PT-2018-13720 · Link Net · Link-Net Lw-N605R

Published

2018-09-20

Updated

2019-10-03

CVE-2018-16752

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions LINK-NET LW-N605R version 12.20.2.1486

Description The issue allows for remote code execution via shell metacharacters in the HOST field of the ping feature at "adm/systools.asp". Authentication is required, but the default password for the admin account may be used in some cases.

Recommendations For version 12.20.2.1486, consider changing the default password for the admin account and avoid using shell metacharacters in the HOST field of the ping feature at "adm/systools.asp" to minimize the risk of exploitation. As a temporary workaround, restrict access to the "adm/systools.asp" page until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-1188

Related Identifiers

CVE-2018-16752

Affected Products

Link-Net Lw-N605R

PT-2018-13720 · Link Net · Link-Net Lw-N605R

CVE-2018-16752

Weakness Enumeration

Related Identifiers

Affected Products

References · 4