PT-2019-9650 · Cerio · Cerio Dt-300N

Published: 2019-06-18 · Updated: 2019-06-18 · CVE-2018-18852

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cerio DT-300N versions 1.1.6 through 1.1.12

Description

The issue arises from improper input validation in the web-interface PING feature, which uses Save.cgi to execute a ping command, allowing OS command injection. This has been exploited in the wild.

Recommendations

For Cerio DT-300N versions 1.1.6 through 1.1.12, consider disabling the Save.cgi functionality related to the PING feature as a temporary workaround until a patch is available. Restrict access to the web-interface PING feature to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-18852

Affected Products

Cerio Dt-300N