Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtRicardo Jose Ruiz Fernandez1337DAY-ID-38270
HistoryMar 20, 2023 - 12:00 a.m.

Riello UPS Restricted Shell Bypass Vulnerability

2023-03-2000:00:00
Ricardo Jose Ruiz Fernandez
0day.today
145
riello ups
ssh
vulnerability
bypass
restricted shell
operating system
configuration shell
default credentials
exploit
JSON

Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access.

I. VULNERABILITY
-------------------------
Riello UPS systems allow to easily escape the configuration shell and get access to the operating system

II. VENDOR
-------------------------
Riello (https://www.riello-ups.es/)

III. DESCRIPTION
-------------------------
Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".

Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:

ssh [email protected] -t bash
JSON