CVE-2017-11361

Published: Jul 17, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)

Affected (1)

Products: Intenogroup: Inteno Router Firmware

1 product

Inteno Router Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intenogroup Inteno Router Firmware	All versions

Running on/with	Platform Versions
Intenogroup Inteno Router	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.