PT-2019-15393 · Technicolor · Td5130V2

Published: 2019-10-31 · Updated: 2020-02-10 · CVE-2019-18396

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Technicolor TD5130v2 devices with Oi third-party firmware OI Fw V20

Description: A Command Injection issue in the Ping module of the Web Interface allows remote attackers to execute arbitrary OS commands. This is achieved by exploiting the pingAddr parameter in the "mnt ping.cgi" endpoint.

Recommendations: For Technicolor TD5130v2 devices with Oi third-party firmware OI Fw V20, avoid using the pingAddr parameter in the "mnt ping.cgi" endpoint until a fix is available. As a temporary workaround, consider restricting access to the Ping module in the Web Interface to minimize the risk of exploitation.

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-18396

Affected Products

Td5130V2