CVE-2023-43478

Name of the Vulnerable Software and Affected Versions Telstra Smart Modem Gen 2 (Arcadyan LH1000) versions prior to 0.18.15r

Description The issue allows unauthenticated attackers to upload firmware images and configuration backups, potentially leading to code execution as root. This could enable attackers to alter the firmware or configuration on the device.

Recommendations For versions prior to 0.18.15r, update the firmware to version 0.18.15r or later to resolve the issue. As a temporary workaround, consider restricting access to the fake upload.cgi script until a patch is available.