ГлавнаяУязвимости → CVE-2018-25143
8.8высокая

CVE-2018-25143

Описание

Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.

Затрагиваемое ПО
Microhardcorp Ipn4g firmwareMicrohardcorp Ipn4gMicrohardcorp Ipn3gb firmwareMicrohardcorp Ipn3gbMicrohardcorp Ipn4gb firmwareMicrohardcorp Ipn4gbMicrohardcorp Bullet-3g firmwareMicrohardcorp Bullet-3gMicrohardcorp Vip4gb firmwareMicrohardcorp Vip4gbMicrohardcorp Vip4gb wifi-n firmwareMicrohardcorp Vip4gb wifi-nMicrohardcorp Bullet-lte firmwareMicrohardcorp Bullet-lteMicrohardcorp Ipn3gii firmwareMicrohardcorp Ipn3giiMicrohardcorp Ipn4gii firmwareMicrohardcorp Ipn4giiMicrohardcorp Bulletplus firmwareMicrohardcorp BulletplusMicrohardcorp Dragon-lte firmwareMicrohardcorp Dragon-lte
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.microhardcorp.comhttps://www.exploit-db.com/exploits/45041https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5486.php