Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
1 contributor

Users who have contributed to this file

24 lines (14 sloc) 1.06 KB

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19612

[Affected Devices]

Westermo DR-260 Router - All firmware versions

Westermo DR-250 Router - All firmware versions

Westermo MR-260 Router - All firmware versions

[Description]

The /uploadfile? functionality in the affected router models allow for the remote upload of malicious files; allowing for the remote execution of ASP code. This attack can be performed remotely and can be conducted from any authenticated account.

Alternatively this functionality allows the attacker to upload any file to the router, potentially allowing for alternative attack vectors to be introduced.

Working alongside the router vendor, it was established that this vulnerability affects all of the specified router models, regardless of firmware version. Since this product is considered to be EOL, no patches for this issue are expected.

[Credit]

For assistance in identifying this issue, credit should also be given to:

Simon Brackenridge - https://github.com/Fluffydaemon

Nettitude - https://www.nettitude.com/uk/

You can’t perform that action at this time.