CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 3CVE-2018-20162 – Digi TransPort LR54 Restricted Shell Escape
https://notcve.org/view.php?id=CVE-2018-20162
Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. Los dispositivos Digi TransPort LR54 4.4.0.26 y, posiblemente, versiones anteriores, tienen una validación de entradas incorrecta que permite que los usuarios con privilegios de acceso "super" a la interfaz de línea de comandos omitan un shell restringido y ejecuten comandos arbitrarios como root. Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell. • https://github.com/stigtsp/CVE-2018-20162-digi-lr54-restricted-shell-escape http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape https://seclists.org/bugtraq/2019/Feb/34 • CWE-20: Improper Input Validation •