PT-2022-8676 · Optilink · Optilink Op-Xt71000N
Disguised_Noob +1 · Published 2022-11-23 · Updated 2025-04-25 · CVE-2020-23583
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OPTILINK OP-XT71000N version 2.2
Description
This is a Remote Code Execution issue. It occurs when an attacker sends arbitrary code to the "PingTest" interface of the "/diag ping admin.asp" API endpoint, which leads to command execution and allows the attacker to compromise the full system.
Recommendations
For OPTILINK OP-XT71000N version 2.2, consider disabling access to the "/diag ping admin.asp" API endpoint until a patch is available. Restrict the use of the "PingTest" interface to minimize the risk of exploitation.
Exploit
Fix
RCE
Command Injection
Affected Products
Optilink Op-Xt71000N