Vulnerability Description
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVSS Score
8.8
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dasanzhone | Znid 2426A Firmware | - |
| Dasanzhone | Znid 2426A | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-DiExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Oct/57ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/536663/100/0/threaded
- https://www.exploit-db.com/exploits/38453/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-DiExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Oct/57ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/536663/100/0/threaded
- https://www.exploit-db.com/exploits/38453/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2014-9118?
CVE-2014-9118 is a vulnerability with a CVSS score of 8.8 (HIGH). The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
How severe is CVE-2014-9118?
CVE-2014-9118 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9118?
Check the references section above for vendor advisories and patch information. Affected products include: Dasanzhone Znid 2426A Firmware, Dasanzhone Znid 2426A.