Vulnerability Description
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Askey | Ap5100W Firmware | <= 1.01.097 |
| Askey | Ap5100W | - |
Related Weaknesses (CWE)
References
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-acExploitThird Party Advisory
- https://starlabs.sg/advisories/ExploitThird Party Advisory
- https://www.askey.com.tw/incident_report_notifications.htmlVendor Advisory
- https://medium.com/csg-govtech/bolstering-security-how-i-breached-a-wifi-mesh-acExploitThird Party Advisory
- https://starlabs.sg/advisories/ExploitThird Party Advisory
- https://www.askey.com.tw/incident_report_notifications.htmlVendor Advisory
FAQ
What is CVE-2020-15357?
CVE-2020-15357 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or rou...
How severe is CVE-2020-15357?
CVE-2020-15357 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15357?
Check the references section above for vendor advisories and patch information. Affected products include: Askey Ap5100W Firmware, Askey Ap5100W.