Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Discussion in 'News Aggregator' started by Packet Storm, 11 Oct 2021.

  1. Packet Storm

    Packet Storm Guest

    Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

    Continue reading...
     

Share This Page

Loading...