PT-2025-32394 · Unknown · Wan Emulator
Published
2025-08-08
·
Updated
2025-08-08
·
CVE-2012-10041
CVSS v4.0
9.3
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
WAN Emulator version 2.3
Description:
WAN Emulator version 2.3 contains two unauthenticated command execution vulnerabilities. The
result.php script calls the shell exec() function with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a SUID-root binary named dosu, which is vulnerable to command injection via its first argument. An attacker can exploit both flaws in sequence to achieve full remote code execution and escalate privileges to root.Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
LPE
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wan Emulator