PT-2019-8679 · Aterm · Aterm W300P
Taizoh Tsukamoto
·
Published
2019-01-09
·
Updated
2019-01-17
·
CVE-2018-0631
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Aterm W300P versions 1.0.13 and earlier
Description
The issue allows an attacker with administrator rights to execute arbitrary OS commands. This can be achieved via the
targetAPSsid parameter.Recommendations
For Aterm W300P versions 1.0.13 and earlier, avoid using the
targetAPSsid parameter until a fix is available. As a temporary workaround, consider restricting access to the administrator rights to minimize the risk of exploitation.Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aterm W300P