Arbitrary Code Execution Vulnerability in DASAN H660GW Port Forwarding Functionality

Arbitrary Code Execution Vulnerability in DASAN H660GW Port Forwarding Functionality

CVE-2018-17867 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).

Learn more about our Web Application Penetration Testing UK.