Executive Summary

Informations
NameCVE-2018-20122First vendor Publication2019-02-21
VendorCveLast vendor Modification2019-02-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20122

CWE : Common Weakness Enumeration

%idName
100 %CWE-77Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware1
Os2

Sources (Detail)

SourceUrl
MISC http://www.horizonsecurity.it/advisories/?a=12&title=Fastweb+FastGate+rou...

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2019-02-23 09:19:21
  • First insertion