Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into the firmware upgrade pipeline.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sercomm SCE4255W 安全漏洞
Vulnerability Description
Sercomm SCE4255W是中国台湾中磊(Sercomm)公司的一款宽带网关设备。 Sercomm SCE4255W DG3934v3@2308041842之前版本存在安全漏洞,该漏洞源于CWMP客户端存在OS命令注入,可能导致远程攻击者执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A