Arbitrary Command Execution in Zhone zNID GPON 2426A Administrative Portal

Arbitrary Command Execution in Zhone zNID GPON 2426A Administrative Portal

CVE-2014-9118 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

Learn more about our Web App Pen Testing.