RDK CcspWifiAgent Module Command Execution Vulnerability

RDK is a modular, portable, customizable open source IoT software solution from the RDK Management community. ccspWifiAgent is one of the modules that supports WiFi functionality. A security vulnerability exists in the cosawifiapis.c file of the CcspWifiAgent module in RDK version RDKB-20181217-1...

CVE-2019-6962

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

CVE-2019-6962

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

Sql injection

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

CVE-2019-6962

The CVE-2019-6962 issue affects the RDK B/CcspWifiAgent stack (RDKB-20181217-1) via the cosa_wifi_apis.c shell-injection path. If ENABLE_FEATURE_MESHWIFI is enabled, an attacker with login credentials can craft the Wi‑Fi network password to include escape characters, enabling arbitrary shell comm...

CVE-2019-6962

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...