Vulnerability Description
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to command injection, which can be exploited to achieve remote code execution with root privileges. No authentication is required to trigger the vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fastweb | Fastgate Firmware | <= 1.0.1b |
| Fastweb | Fastgate | - |
Related Weaknesses (CWE)
References
- http://www.horizonsecurity.it/advisories/?a=12&title=Fastweb+FastGate+router+101 (Third Party Advisory)
FAQ
What is CVE-2018-20122?
CVE-2018-20122 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerabili...
How severe is CVE-2018-20122?
CVE-2018-20122 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20122?
Check the references section above for vendor advisories and patch information. Affected products include: Fastweb Fastgate Firmware, Fastweb Fastgate.