Remote Code Execution Vulnerability in Askey AP4000W Devices
CVE-2020-8614

9.8CRITICAL

Key Information:

Vendor: Askey
Status: Ap4000w Firmware
Vendor: CVE Published:; 13 February 2020

What is CVE-2020-8614?

A critical vulnerability has been identified in Askey AP4000W devices running TDC_V1.01.003, enabling attackers to execute arbitrary code remotely by targeting the bd_svr service. This exploit requires the attacker to send a specially crafted network packet to TCP port 54188, potentially compromising the device's integrity and allowing unauthorized access.

References

https://improsec.com/tech-blog/RCE-Askey

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2020
Vulnerability Reserved
Feb 4, 2020