OS Command Injection Vulnerability in FiberHome ONU GPON AN5506-04-F
CVE-2021-42912

8.8 HIGH

Key Information:

Vendor: Fiberhome
CVE Published: 16 December 2021

What is CVE-2021-42912?

The FiberHome ONU GPON AN5506-04-F RP2617 is vulnerable to OS command injection. An attacker who has gained access to the device can use the ping diagnostic tool to execute arbitrary commands as root. The flaw results from improper validation of user input: the value submitted in the IP address field is not restricted to an IP address, so the attacker can manipulate the command that the device executes. Because additional commands can be concatenated with semicolons, the risk is significant and potentially enables unauthorized control over the system.
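
The mitigation for this class of flaw, as an added example (not FiberHome's firmware code or a vendor patch): accept the ping target only if it parses as an IPv4 literal, and hand it to ping as a single argv element with no shell in between. The function names and the /bin/ping path are assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PING_PATH "/bin/ping"   /* assumed location of the ping binary */

/* Returns 1 only if s is a dotted-decimal IPv4 literal, else 0.
   inet_pton() rejects any trailing bytes, so "192.0.2.1;id" fails. */
int is_ip_literal(const char *s)
{
    struct in_addr addr;
    if (s == NULL || strlen(s) >= INET_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, s, &addr) == 1;
}

/* Builds the argument vector; the target is one element, never parsed
   by a shell. Returns 0 on success, -1 if the target is rejected. */
int build_ping_argv(const char *target, char *argv[5])
{
    if (!is_ip_literal(target))
        return -1;
    argv[0] = (char *)"ping";
    argv[1] = (char *)"-c";
    argv[2] = (char *)"4";
    argv[3] = (char *)target;
    argv[4] = NULL;
    return 0;
}

/* Runs ping via fork/execv instead of system() or popen().
   Returns ping's exit status, or -1 on rejection or error. */
int run_ping(const char *target)
{
    char *argv[5];
    int status;
    pid_t pid;
    if (build_ping_argv(target, argv) != 0)
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execv(PING_PATH, argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Either control alone narrows the flaw; together they mean a value containing a semicolon is rejected before any process is started, and even an accepted value is never interpreted as shell syntax.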

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
