4 matches found
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
Design/Logic Flaw
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-20487
This CVE affects the firewall3 component of Inteno IOPSYS 1.0–3.16. A JSON-RPC call to add a firewall rule as an “include” can point the path to a malicious script/binary, which is executed as root when changes are committed. Affected software: Inteno IOPSYS firewall3. Root-level impact: arbitrar...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...