Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation on Skylab IIoT Gateway (IGX)
Vulnerability Description
The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exec and download functions. By replacing the /etc/passwd file with a new root user entry, the attacker was able to breakout from the limited shell and login to a unrestricted shell with root access. With the root access, the attacker will be able take full control of the IIoT Gateway.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Skylab IGX IIoT Gateway 安全漏洞
Vulnerability Description
Skylab IGX IIoT Gateway是Skylab组织的一个连接各种无线/有线物联网设备并将不同协议统一到物联网标准的网关。 Skylab IGX IIoT Gateway v1.2.12版本存在安全漏洞,该漏洞源于允许攻击者通过shell文件执行、下载、读取、写入和修改操作系统中的任何文件。
CVSS Information
N/A
Vulnerability Type
N/A