Vulnerability Description
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digi | Transport Lr54 Firmware | < 4.4.0.26 |
| Digi | Transport Lr54 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell (Exploit, Third Party Advisory, VDB Entry)
- https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
- https://seclists.org/bugtraq/2019/Feb/34 (Exploit, Mailing List, Third Party Advisory)
FAQ
What is CVE-2018-20162?
CVE-2018-20162 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary command...
How severe is CVE-2018-20162?
CVE-2018-20162 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20162?
Check the references section above for vendor advisories and patch information. Affected products include: Digi Transport Lr54 Firmware, Digi Transport Lr54.