CVE-2024-31977

Name of the Vulnerable Software and Affected Versions Adtran 834-5 versions 11.1.0.101-202106231430 SmartOS versions prior to 12.6.3.1

Description The issue is related to the Ping and Traceroute utilities in the SmartOS operating system of AdTran SRG 834-5 Wi-Fi routers. It allows OS Command Injection via shell metacharacters, potentially enabling a remote attacker to execute arbitrary operating system commands.

Recommendations For Adtran 834-5 versions 11.1.0.101-202106231430, update to a version that includes the fix, such as SmartOS Version 12.6.3.1 or later. For SmartOS versions prior to 12.6.3.1, update to SmartOS Version 12.6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ping and Traceroute utilities until a patch is applied.