Vulnerability Details CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 88.9%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 9.0
References
- http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html
- https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
- https://seclists.org/bugtraq/2019/Feb/34
- http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html
- https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
- https://seclists.org/bugtraq/2019/Feb/34
Products affected by CVE-2018-20162
-
cpe:2.3:h:digi:transport_lr54:-
-
cpe:2.3:o:digi:transport_lr54_firmware:4.3.2.24