N/A

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Hitachi TropOS 4th Gen 操作系统命令注入漏洞

Hitachi TropOS 4th Gen是日本日立制作所（Hitachi）公司的一款无线通信设备。 Hitachi TropOS 4th Gen存在操作系统命令注入漏洞，该漏洞源于Web配置工具中的Diagnostics Tools页面未正确验证用户输入，可能导致高权限用户注入命令并获取root访问权限。

N/A

N/A