Vulnerability Details CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.669
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2015/Oct/57
- http://www.securityfocus.com/archive/1/536663/100/0/threaded
- https://www.exploit-db.com/exploits/38453/
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2015/Oct/57
- http://www.securityfocus.com/archive/1/536663/100/0/threaded
- https://www.exploit-db.com/exploits/38453/
Products affected by CVE-2014-9118
-
cpe:2.3:h:dasanzhone:znid_2426a:-
-
cpe:2.3:o:dasanzhone:znid_2426a_firmware:-