Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Firewalla BTLE Authenticated Command Injection
Vulnerability Description
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in various configuration parameters including networkConfig.Interface.Phy.Eth0.Extra.PingTestIP, networkConfig.Interface.Phy.Eth0.Extra.DNSTestDomain, and networkConfig.Interface.Phy.Eth0.Gateway6. Additionally, because the configuration can be synced to the Firewalla cloud, the attacker may be able to persist access even after hardware resets and firmware re-flashes.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Firewalla 安全漏洞
Vulnerability Description
Firewalla是Firewalla公司的一个驱动程序。 Firewalla 1.979之前版本存在安全漏洞,该漏洞源于存在多个经过身份验证的操作系统命令注入漏洞,经过蓝牙低功耗接口身份验证的攻击者可以使用网络配置服务在各种配置参数中注入命令,且在硬件重置和固件重新刷新后,攻击者也可能能够持续访问。
CVSS Information
N/A
Vulnerability Type
N/A