CVE-2020-23584

Name of the Vulnerable Software and Affected Versions OPTILINK OP-XT71000N version V2.2

Description The issue occurs due to unauthenticated remote code execution when an attacker passes arbitrary commands with an IP-ADDRESS using " | " to execute commands on "/diag tracert admin.asp" in the PingTest parameter. This leads to command execution.

Recommendations For OPTILINK OP-XT71000N version V2.2, as a temporary workaround, consider restricting access to the "/diag tracert admin.asp" endpoint to minimize the risk of exploitation. Avoid using the PingTest parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.