The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCompal Ch7465lg
HWCompalwszystkie wersjeCompal Ch7465lg Firmware
OSCompal6.12.18.25-2p4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Powiązane podatności
CVE-2019-13025CRITICAL9.8ten sam produkt
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper In...
CVE-2019-17224MEDIUM5.3ten sam produkt
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulner...
CVE-2019-19494HIGH8.8ten sam vendor
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...