3 matches found
CVE-2020-24849
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...
CVE-2020-24849
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...
CVE-2020-24849
FruityWifi up to version 2.4 is affected by a Shell Metacharacter Injection vulnerability. Red Hat CVE-2018-19168 describes exploitation in www/modules/save.php via a crafted mod_name in a POST request, enabling remote code execution with root privileges. The root cause is improper escaping of sh...