CVE-2020-10789

openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php...

cayman.txt

try using '' as a username without a password for cayman routers. login: Password: Terminal shell v1.0 Cayman-DSL Model 3220-H, DMT-ADSL Alcatel plus 4-port hub Running GatorSurf version 5.3.0 build R1 completed login: user level Cayman-DSLSNIP ================================== Russell Handorf...