CVE-2019-14920

Name of the Vulnerable Software and Affected Versions Billion Smart Energy Router SG600R2 Firmware version 3.02.rc6

Description The issue allows an authenticated attacker to gain root execution privileges over the device. This is achieved through a hidden shell feature in etc ro/web/adm/system command.asp.

Recommendations For Billion Smart Energy Router SG600R2 Firmware version 3.02.rc6, consider restricting access to the system command.asp feature until a patch is available. As a temporary workaround, limit the use of the affected firmware to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.