Multiple Raisecom GPON Products CVE-2019-7385 Local Command Injection Vulnerability
BID:107030
CVE-2019-7385 |Info
Multiple Raisecom GPON Products CVE-2019-7385 Local Command Injection Vulnerability
| Bugtraq ID: | 107030 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-7385 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Kaustubh G. Padwad |
| Vulnerable: |
Raisecom ISCOM HT803G-W GPON 0 Raisecom ISCOM HT803G-U GPON 2.0.0_140521_R4.1.47 Raisecom ISCOM HT803G-U GPON 0 Raisecom ISCOM HT803G-1GE GPON 0 Raisecom ISCOM HT803G GPON 0 |
| Not Vulnerable: | |
Discussion
Multiple Raisecom GPON Products CVE-2019-7385 Local Command Injection Vulnerability
Multiple Raisecom GPON Products are prone to an local command-injection vulnerability.
An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.
Multiple Raisecom GPON Products are prone to an local command-injection vulnerability.
An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks.
Solution / Fix
Multiple Raisecom GPON Products CVE-2019-7385 Local Command Injection Vulnerability
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Multiple Raisecom GPON Products CVE-2019-7385 Local Command Injection Vulnerability
References:
References:
- KSA-Dev-006:CVE-2019-7385: Authenticated remote code execution on Multiple Rais (Seclists.org)
- Raisecom Homepage (Raisecom)
- security advisories (s3curityb3ast)