An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-31T19:08:27
Updated: 2019-11-13T18:06:41
Reserved: 2019-10-24T00:00:00
Link: CVE-2019-18396
JSON object: View
NVD Information
Status : Modified
Published: 2019-10-31T20:15:11.163
Modified: 2023-11-07T03:06:26.383
Link: CVE-2019-18396
JSON object: View
Redhat Information
No data.
CWE