CVE-2017-17867 · CVEKit

cve.orgen

370 chars

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

NVDen

370 chars

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

NVDes

432 chars

Los dispositivos Inteno iopsys 2.0-3.14 y 4.0 permiten que los usuarios autenticados remotos ejecuten comandos de sistema operativo arbitrarios modificando el campo leasetrigger en la configuración de odhcpd para especificar un programa arbitrario, tal y como se demuestra con un programa ubicado en un almacén SMB. Este problema existía porque el directorio /etc/uci-defaults no se utilizaba para proteger la configuración OpenWrt.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.0	Primary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H