PT-2023-10704 · Abus · Tvip20050 +7

A2Nkf +5 · Published 2023-10-26 · Updated 2024-09-11 · CVE-2018-17558

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ABUS TVIP TVIP20050 version LM.1.6.18
ABUS TVIP TVIP10051 version LM.1.6.18
ABUS TVIP TVIP11050 version MG.1.6.03.05
ABUS TVIP TVIP20550 version LM.1.6.18
ABUS TVIP TVIP10050 version LM.1.6.18
ABUS TVIP TVIP11550 version MG.1.6.03
ABUS TVIP TVIP21050 version MG.1.6.03
ABUS TVIP TVIP51550 version MG.1.6.03

Description

Hardcoded manufacturer credentials and an OS command injection vulnerability in the "/cgi-bin/mft/" directory allow remote attackers to execute code as root.

Recommendations

For each of the following products and versions, consider disabling access to the "/cgi-bin/mft/" directory until a patch is available:

ABUS TVIP TVIP20050 version LM.1.6.18
ABUS TVIP TVIP10051 version LM.1.6.18
ABUS TVIP TVIP11050 version MG.1.6.03.05
ABUS TVIP TVIP20550 version LM.1.6.18
ABUS TVIP TVIP10050 version LM.1.6.18
ABUS TVIP TVIP11550 version MG.1.6.03
ABUS TVIP TVIP21050 version MG.1.6.03
ABUS TVIP TVIP51550 version MG.1.6.03

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-17558

Affected Products

Tvip10050
Tvip10051
Tvip11050
Tvip11550
Tvip20050
Tvip20550
Tvip21050
Tvip51550