Vulnerability Details CVE-2018-16752
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.61
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2018-16752
-
cpe:2.3:h:linknet-usa:lw-n605r:-
-
cpe:2.3:o:linknet-usa:lw-n605r_firmware:12.20.2.1486