2 matches found
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
CVE-2017-17867
CVE-2017-17867 concerns Inteno IOPSYS devices (2.0–3.14 and 4.0) where remote authenticated users can execute arbitrary OS commands by manipulating the leasetrigger field in the odhcpd config via an SMB share, due to insufficient protection of OpenWrt config (not using /etc/uci-defaults). Connect...