CVE-2023-27826

Name of the Vulnerable Software and Affected Versions SeowonIntech SWC 5100W WIMAX Bootloader version 1.18.19.0, HW version 0.0.7.0, and FW versions 1.11.0.1, 1.9.9.4

Description The issue allows attackers to take over the system with root privilege by abusing the doSystem() function, enabling OS Command Injection. This allows for the execution of arbitrary system commands, potentially leading to a full system compromise.

Recommendations For SeowonIntech SWC 5100W WIMAX Bootloader version 1.18.19.0, consider disabling the doSystem() function to prevent OS Command Injection until a patch is available. For HW version 0.0.7.0, restrict access to the system to minimize the risk of exploitation. For FW versions 1.11.0.1 and 1.9.9.4, avoid using the vulnerable doSystem() function in critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.