Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RDK CcspWifiAgent模块操作系统命令注入漏洞
Vulnerability Description
RDK是RDK Management社区的一套模块化、可移植、可定制的开源物联网软件解决方案。CcspWifiAgent是其中的一个支持WiFi功能的模块。 RDK RDKB-20181217-1版本中的CcspWifiAgent模块的cosa_wifi_apis.c文件存在安全漏洞。攻击者可通过将Wi-Fi网络密码更改成包含有特制转义字符的密码利用该漏洞执行任意的shell命令。
CVSS Information
N/A
Vulnerability Type
N/A