Vulnerability Details CVE-2020-15357
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
- https://starlabs.sg/advisories/
- https://www.askey.com.tw/incident_report_notifications.html
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-access-point-from-close-proximity-to-uncover-f8f77dc3cd5d
- https://starlabs.sg/advisories/
- https://www.askey.com.tw/incident_report_notifications.html
Products affected by CVE-2020-15357
-
cpe:2.3:h:askey:ap5100w:-
-
cpe:2.3:o:askey:ap5100w_firmware:-
-
cpe:2.3:o:askey:ap5100w_firmware:1.01.097