Multiple Authenticated Command Injection Vulnerabilities in Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m Devices via Ping and Traceroute Diagnostic Pages
CVE-2020-10173 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
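A defender-side check for the issue described above, as an added example that is not vendor code or part of the original advisory: it scans HTTP request lines for ping.cgi calls whose pingIpAddress value is not a plain IP address or hostname. The GET query-string request format, the function names and the sample lines are constructed assumptions; only ping.cgi and pingIpAddress come from the advisory.

```python
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

# Hostname labels: letters, digits, inner hyphens. A leading "-" is rejected,
# so the value cannot be read as a command-line option either.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"(?=.{{1,253}}\Z){_LABEL}(?:\.{_LABEL})*")

# Constructed request lines (assumed format: METHOD URL PROTOCOL).
SAMPLE_REQUESTS = [
    "GET /ping.cgi?pingIpAddress=192.0.2.10 HTTP/1.1",
    "GET /ping.cgi?pingIpAddress=example.org HTTP/1.1",
    "GET /ping.cgi?pingIpAddress=192.0.2.10%3Becho+test HTTP/1.1",
    "GET /ping.cgi?pingIpAddress=192.0.2.10|echo HTTP/1.1",
    "GET /index.html?pingIpAddress=%3B HTTP/1.1",
]


def is_safe_ping_target(value):
    """Allowlist: accept only a literal IPv4/IPv6 address or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME.fullmatch(value) is not None


def suspicious_ping_requests(request_lines):
    """Return (line_number, decoded_value) for ping.cgi requests that fail the allowlist."""
    hits = []
    for line_no, line in enumerate(request_lines, 1):
        parts = line.split()
        if len(parts) < 2:
            continue
        url = urlsplit(parts[1])
        if not url.path.endswith("/ping.cgi"):
            continue
        # Split by hand so a raw ";" stays inside the value on every Python version.
        for pair in url.query.split("&"):
            key, _, raw = pair.partition("=")
            if key == "pingIpAddress" and not is_safe_ping_target(unquote_plus(raw)):
                hits.append((line_no, unquote_plus(raw)))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_ping_requests(SAMPLE_REQUESTS):
        print(f"line {line_no}: unexpected pingIpAddress value {value!r}")
```

The same allowlist, applied on the device before the value reaches a shell, is the server-side form of this check.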