Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT
Vulnerability Description
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
完整性检查值验证不恰当
Vulnerability Title
PHOENIX CONTACT RAD-ISM-900-EN-* 安全漏洞
Vulnerability Description
PHOENIX CONTACT RAD-ISM-900-EN-*是德国PHOENIX CONTACT公司的一系列无线模块以太网收发器。 PHOENIX CONTACT 的 RAD-ISM-900-EN-* 设备存在安全漏洞,该漏洞源于完整性检查值验证不正确。攻击者利用该漏洞使用 WebUI 中的配置文件上传器在操作系统上以 root 权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A