Command injection

2021-12-1617:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.

CPENameOperatorVersion
aan5506-04-g2g_firmwareeq2560.0.0-rp
an5506-01-a_firmwareeq509.0.0-rp
an5506-01-b_firmwareeq2610.0.0-rp
an5506-02-b_firmwareeq2520.0.0-rp
an5506-02-b_firmwareeq2521.0.0-rp
an5506-02-b_firmwareeq2603.0.0-rp
an5506-04-b_firmwareeq2510.0.0-rp
an5506-04-f_firmwareeq2617.0.0-rp

Name	Operator	Version
aan5506-04-g2g_firmware	eq	2560.0.0-rp
an5506-01-a_firmware	eq	509.0.0-rp
an5506-01-b_firmware	eq	2610.0.0-rp
an5506-02-b_firmware	eq	2520.0.0-rp
an5506-02-b_firmware	eq	2521.0.0-rp
an5506-02-b_firmware	eq	2603.0.0-rp
an5506-04-b_firmware	eq	2510.0.0-rp
an5506-04-f_firmware	eq	2617.0.0-rp