Vulnerabilities > CVE-2018-16752 - Insecure Default Initialization of Resource vulnerability in Linknet-Usa Lw-N605R Firmware 12.20.2.1486

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
linknet-usa
CWE-1188
exploit available

Summary

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.

Vulnerable Configurations

Part Description Count
OS
Linknet-Usa
1
Hardware
Linknet-Usa
1

Exploit-Db

descriptionLW-N605R 12.20.2.1486 - Remote Code Execution. Webapps exploit for Hardware platform
fileexploits/hardware/webapps/45351.py
idEDB-ID:45351
last seen2018-10-07
modified2018-09-10
platformhardware
port
published2018-09-10
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45351/
titleLW-N605R 12.20.2.1486 - Remote Code Execution
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/149297/LW-N605R.txt
idPACKETSTORM:149297
last seen2018-09-11
published2018-09-10
reporterNassim Asrir
sourcehttps://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html
titleLW-N605R Remote Code Execution