An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://pastebin.com/QTev1TjM | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-09-24 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-24365
Mitre link : CVE-2020-24365
CVE.ORG link : CVE-2020-24365
JSON object : View
Products Affected
gemteks
- wrtm-127x9
- wrtm-127acn
- wrtm-127acn_firmware
- wrtm-127x9_firmware