Ctek SkyRouter 4200 and 4300 Series Routers Remote Arbitrary Command Execution Vulnerability
BID:50867
Info
| Bugtraq ID: | 50867 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5010 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2011 12:00AM |
| Updated: | Jan 03 2012 10:00PM |
| Credit: | savant42 |
| Vulnerable: | Ctek SkyRouter 4300 0, Ctek SkyRouter 4200 0 |
| Not Vulnerable: | |
Discussion
Ctek SkyRouter 4200 and 4300 series routers are prone to a remote arbitrary command-execution vulnerability because they fail to adequately sanitize user-supplied input.
Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges, which may facilitate a complete compromise of the affected device.
Exploit / POC
To exploit this issue, attackers can use a browser or readily available network utilities.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Ctek Vendor Homepage (Ctek)