Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-08928
HistoryDec 17, 2021 - 12:00 a.m.

Fiberhome FiberHome ONU GPON OS Command Injection Vulnerability

2021-12-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.4%

Fiberhome FiberHome ONU GPON is a router from Fiberhome, China.FiberHome ONU GPON AN5506-04-F RP2617 is vulnerable to an operating system command injection vulnerability, which originates from FiberHome ONU GPON AN5506-04-F RP2617 is affected by an operating system command injection vulnerability. The vulnerability allows an attacker to send commands to the operating system as the root user after logging in via the ping diagnostic tool, bypassing the IP address field and using a semicolon to connect to the operating system commands.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.4%