CVE-2019-6962

Name of the Vulnerable Software and Affected Versions RDK RDKB-20181217-1 CcspWifiAgent module (affected versions not specified)

Description A shell injection issue in the CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process, which runs as root. This issue is related to the WebUI module and can be exploited by changing the Wi-Fi network password to include crafted escape characters, but only if the platform was compiled with the ENABLE FEATURE MESHWIFI macro.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.