An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
References
Link | Resource |
---|---|
https://gist.github.com/neolead/1b90d8df7ef4fd1d3d03c1265e5804ac#file-cve-2018-11240-txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-21T15:00:00
Updated: 2018-09-21T14:57:01
Reserved: 2018-05-18T00:00:00
Link: CVE-2018-11240
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-21T15:29:00.327
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-11240
JSON object: View
Redhat Information
No data.
CWE