FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
References
Link | Resource |
---|---|
http://blog.51cto.com/010bjsoft/2175710 | Exploit Third Party Advisory |
https://github.com/PatatasFritas/PatataWifi/issues/1 | Exploit Third Party Advisory |
https://github.com/xtr4nge/FruityWifi/issues/276 | |
http://blog.51cto.com/010bjsoft/2175710 | Exploit Third Party Advisory |
https://github.com/PatatasFritas/PatataWifi/issues/1 | Exploit Third Party Advisory |
https://github.com/xtr4nge/FruityWifi/issues/276 |
Configurations
History
21 Nov 2024, 03:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.51cto.com/010bjsoft/2175710 - Exploit, Third Party Advisory | |
References | () https://github.com/PatatasFritas/PatataWifi/issues/1 - Exploit, Third Party Advisory | |
References | () https://github.com/xtr4nge/FruityWifi/issues/276 - |
Information
Published : 2018-09-21 18:29
Updated : 2024-11-21 03:54
NVD link : CVE-2018-17317
Mitre link : CVE-2018-17317
CVE.ORG link : CVE-2018-17317
JSON object : View
Products Affected
fruitywifi_project
- fruitywifi
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')