PT-2023-25031 · Ikuai · Ikuai Router Os
Published
2023-06-29
·
Updated
2023-07-06
·
CVE-2023-34849
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ikuai router OS versions through 3.7.1
Description
An unauthorized command injection vulnerability exists in the
ActionLogin function of the webman.lua file. This issue allows for command injection, potentially leading to unauthorized access or control.Recommendations
For Ikuai router OS versions through 3.7.1, as a temporary workaround, consider disabling the
ActionLogin function until a patch is available. Restrict access to the webman.lua file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ikuai Router Os