Technicolor TD5130v2 Oi_Fw_V20 Command Injection (CVE-2019-18396)

A command injection vulnerability exists in Technicolor TD5130v2 OiFwV20. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

Technicolor TD5130.2 Remote Command Execution

Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...

Technicolor TD5130.2 - Remote Command Execution

Technicolor TD5130.2 - Remote Command Execution Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POS...

CVE-2019-18396

CVE-2019-18396 affects Technicolor TD5130v2 devices running OI_Fw_V20. A command injection exists in the Ping module of the Web Interface via the pingAddr parameter to mnt_ping.cgi, enabling remote attackers to execute arbitrary OS commands. Public details show an example payload in POST /mnt_pin...