An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://pastebin.com/QTev1TjM | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://pastebin.com/QTev1TjM | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://pastebin.com/QTev1TjM - Exploit, Third Party Advisory |
Information
Published : 2020-09-24 15:15
Updated : 2024-11-21 05:14
NVD link : CVE-2020-24365
Mitre link : CVE-2020-24365
CVE.ORG link : CVE-2020-24365
JSON object : View
Products Affected
gemteks
- wrtm-127x9
- wrtm-127x9_firmware
- wrtm-127acn_firmware
- wrtm-127acn