ГлавнаяУязвимости → CVE-2018-25144
8.4высокая

CVE-2018-25144

Описание

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.

Затрагиваемое ПО
Microhardcorp Ipn4g firmwareMicrohardcorp Ipn4gMicrohardcorp Ipn3gb firmwareMicrohardcorp Ipn3gbMicrohardcorp Ipn4gb firmwareMicrohardcorp Ipn4gbMicrohardcorp Bullet-3g firmwareMicrohardcorp Bullet-3gMicrohardcorp Vip4gb firmwareMicrohardcorp Vip4gbMicrohardcorp Vip4gb wifi-n firmwareMicrohardcorp Vip4gb wifi-nMicrohardcorp Bullet-lte firmwareMicrohardcorp Bullet-lteMicrohardcorp Ipn3gii firmwareMicrohardcorp Ipn3giiMicrohardcorp Ipn4gii firmwareMicrohardcorp Ipn4giiMicrohardcorp Bulletplus firmwareMicrohardcorp BulletplusMicrohardcorp Dragon-lte firmwareMicrohardcorp Dragon-lte
CVSS
Балл8.4 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.microhardcorp.comhttps://www.exploit-db.com/exploits/45037https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5485.php