Arbitrary Command Execution in Ctek SkyRouter 4200 and 4300 via cfg_ethping.cgi

Arbitrary Command Execution in Ctek SkyRouter 4200 and 4300 via cfg_ethping.cgi

CVE-2011-5010 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.

Learn more about our Web Application Penetration Testing UK.