Vulnerability Description
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ctekproducts | Skyrouter | 4200 |
Related Weaknesses (CWE)
References
- http://dev.metasploit.com/redmine/issues/5610
- http://osvdb.org/77497
- http://secunia.com/advisories/47003 (Vendor Advisory)
- http://www.exploit-db.com/exploits/18172 (Exploit)
- http://www.securityfocus.com/bid/50867
FAQ
What is CVE-2011-5010?
CVE-2011-5010 is a vulnerability with a CVSS score of 10.0 (HIGH). apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
How severe is CVE-2011-5010?
CVE-2011-5010 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5010?
Check the references section above for vendor advisories and patch information. Affected products include: Ctekproducts Skyrouter.