CVE-2017-17743

Published: Mar 22, 2018Modified: Nov 21, 2024

6.7

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.

Affected (3)

Products: Ucopia: Wireless Appliance Firmware

Ucopia

1 product

Wireless Appliance Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ucopia Wireless Appliance Firmware	Before 4.4.20
Ucopia Wireless Appliance Firmware	From 5.0 to 5.0.19
Ucopia Wireless Appliance Firmware	From 5.1 to 5.1.11

Running on/with	Platform Versions
Ucopia Wireless Appliance	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/

Source: cve@mitre.org

ExploitThird Party Advisory

https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.