Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Command Injection EG7035-M11 Series
Vulnerability Description
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Baicells EG7035-M11 命令注入漏洞
Vulnerability Description
Baicells EG7035-M11是美国Baicells公司的一款 LTE 户外 CPE。 Baicells EG7035-M11 BCE-ODU-1.0.8版本及之前版本存在安全漏洞,该漏洞源于容易受到通过HTTP GET命令注入的不当代码攻击。
CVSS Information
N/A
Vulnerability Type
N/A