Vulnerability Details CVE-2018-20122
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 90.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2018-20122
-
cpe:2.3:h:fastweb:fastgate:-
-
cpe:2.3:o:fastweb:fastgate_firmware:0.00.47
-
cpe:2.3:o:fastweb:fastgate_firmware:1.0.1b