Command Injection Vulnerability in Oi Third-Party Firmware for Technicolor TD5130v2 Devices

Command Injection Vulnerability in Oi Third-Party Firmware for Technicolor TD5130v2 Devices

CVE-2019-18396 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.

Learn more about our Web App Pen Testing.