关键漏洞信息 Title: Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Advisory ID: ZSL-2018-5481 Type: Local/Remote Impact: DoS Risk: 4/5 Release Date: 17.07.2018 Summary The advisory is about a Denial of Service vulnerability in various industrial wireless solutions by Microhard Systems that can be exploited by an authenticated attacker. Description An undocumented hidden feature allows authenticated attackers to list running processes, send arbitrary signals to kill processes, and impact availability including starting and stopping system services, leading to device instability. Affected Versions IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 And other versions listed. POC Discovery Credits Gjoko Krstic - gjoko@zeroscience.mk References 1. https://www.exploit-db.com/exploits/45035/ 2. https://packetstormsecurity.com/files/148568 3. https://cxsecurity.com/issue/WLB-2018070163 4. https://exchange.xforce.ibmcloud.com/vulnerabilities/146625