CVE-2018-3969

Name of the Vulnerable Software and Affected Versions CUJO Smart Firewall (affected versions not specified)

Description A vulnerability exists in the verified boot protection, allowing a local attacker to add arbitrary shell commands into the dhcpd.conf file. These commands persist across reboots and firmware updates, enabling the execution of unverified commands. The attacker must be able to write into /config/dhcpd.conf to trigger this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.