Root Privilege Escalation via Hidden Shell Feature in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6

Root Privilege Escalation via Hidden Shell Feature in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6

CVE-2019-14920 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.

Learn more about our Web App Pen Testing.