PT-2019-9261 · Aterm · Aterm Wf1200Cr+1

Satoru Nagaoka

Published

2019-01-09

Updated

2019-01-17

CVE-2018-16195

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aterm WF1200CR versions 1.1.1 and earlier Aterm WG1200CR versions 1.0.1 and earlier

Description The issue allows an attacker on the same network segment to execute arbitrary OS commands via the SOAP interface of UPnP.

Recommendations For Aterm WF1200CR versions 1.1.1 and earlier, consider disabling the UPnP feature until a patch is available. For Aterm WG1200CR versions 1.0.1 and earlier, consider disabling the UPnP feature until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2018-16195

Affected Products

Aterm Wf1200Cr

Aterm Wg1200Cr

PT-2019-9261 · Aterm · Aterm Wf1200Cr+1

CVE-2018-16195

Weakness Enumeration

Related Identifiers

Affected Products

References · 4