PT-2021-21316 · Prolink · Prolink Prc2402M
Ayrx · Published 2021-08-06 · Updated 2021-08-12 · CVE-2021-36705
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ProLink PRC2402M versions 1.0.18 and older
Description: The issue is a command injection in the set TR069 function of the adm.cgi binary. This function is reached when the page parameter is set to TR069. The value of the TR069 local port parameter is passed directly to a system() call without validation, so shell metacharacters in that value are executed by the device.
Recommendations: For ProLink PRC2402M versions 1.0.18 and older, consider disabling access to the adm.cgi binary with the page parameter set to TR069 until a fix is available. Restricting use of the TR069 local port parameter in this context may also help reduce the risk of exploitation. At the time of writing, there is no information about a newer firmware version that contains a fix for this vulnerability.
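The root cause described above is a classic one: a CGI parameter that should only ever be a port number is interpolated into a shell command. The following C example is added here to show the defensive fix, and is not the vendor's adm.cgi code (the page does not show it). The function names parse_port and set_tr069_local_port, the buffer layout and the sample inputs are all constructed for illustration; the point is that a port is parsed strictly as an integer and re-emitted as digits only, so nothing the shell could interpret ever reaches a command line.

```c
#include <stdio.h>
#include <string.h>

#define PORT_MAX 65535u

/* Strictly parse a TCP/UDP port from an untrusted CGI parameter.
 * Accepts only 1..5 ASCII digits whose value lies in 1..65535. Rejects
 * NULL, empty strings, whitespace, signs, and every byte a shell could
 * interpret, because anything that is not a digit fails the loop.
 * Returns 1 on success (port written to *port), 0 on rejection. */
int parse_port(const char *s, unsigned *port)
{
    size_t len;
    unsigned value = 0;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > 5)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return 0;
        value = value * 10 + (unsigned)(s[i] - '0');
    }
    if (value == 0 || value > PORT_MAX)
        return 0;
    *port = value;
    return 1;
}

/* Hardened handler for the TR069 local-port setting (hypothetical; this
 * is not the device's real handler). The raw parameter is never handed to
 * system(): it is validated, then re-emitted from the parsed integer, so
 * the resulting string is canonical decimal digits only and can be passed
 * as a single argv element to exec*() or written to the config store.
 * Returns 0 on success, -1 when the value is rejected. */
int set_tr069_local_port(const char *raw_param, char *out, size_t out_len)
{
    unsigned port;
    int n;

    if (!parse_port(raw_param, &port))
        return -1;
    n = snprintf(out, out_len, "%u", port);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one benign value, one with a shell
     * metacharacter, one out of range. */
    const char *samples[] = { "8080", "8080;ls", "65536" };
    char canonical[8];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (set_tr069_local_port(samples[i], canonical, sizeof canonical) == 0)
            printf("accepted %-10s -> %s\n", samples[i], canonical);
        else
            printf("rejected %-10s\n", samples[i]);
    }
    return 0;
}
```

The validator is deliberately an allow-list over digits rather than a deny-list of shell characters: a deny-list has to anticipate every quoting and substitution syntax of the shell in use, while an allow-list only has to describe what a port number is. Re-emitting the value with "%u" also normalises inputs such as "00080" to "80", so downstream consumers see one canonical form.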

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers: CVE-2021-36705

Affected Products: Prolink Prc2402M