Remote Code Execution Vulnerability in Microhard Bullet-LTE Product
CVE-2020-17406

8.8HIGH

Key Information:

Vendor: Microhard
Status: Bullet-lte
Vendor: CVE Published:; 13 October 2020

What is CVE-2020-17406?

This remote code execution vulnerability affects installations of Microhard Bullet-LTE prior to version 1.2.0-r1112 due to improper validation of the ping parameter in tools.sh. Attackers with authentication can exploit this flaw to execute arbitrary code with root privileges, posing significant security risks to the system. Proper security measures should be implemented to mitigate potential threats stemming from this vulnerability.

Affected Version(s)

Bullet-LTE prior to v1.2.0-r1112

References

https://www.zerodayinitiative.com/advisories/ZDI-20-1205/

x_refsource_MISC

EPSS Score

41% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2020
Vulnerability Reserved
Aug 7, 2020

Credit

Ricky "HeadlessZeke" Lawshae

JSON