Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HJuplink Rx4 1500
HWJuplinkwszystkie wersjeJuplink Rx4 1500 Firmware
OSJuplink1.0.3
Powiązane podatności
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An a...
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions...
Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions ...
Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote...
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to l...