Multiple Authenticated Command Injection Vulnerabilities in Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m Devices via Ping and Traceroute Diagnostic Pages

CVE-2020-10173 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have multiple authenticated command injection vulnerabilities in the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
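
One way to spot the pattern described above in web logs, added here as an example and not taken from the advisory or the vendor's code. It assumes requests to the device's web interface are logged in Common Log Format with the query string included (for example by a reverse proxy); the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (Common Log Format); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2020:10:00:01 +0000] "GET /ping.cgi?pingIpAddress=8.8.8.8 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Mar/2020:10:00:09 +0000] "GET /ping.cgi?pingIpAddress=example.com HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2020:10:02:13 +0000] "GET /ping.cgi?pingIpAddress=8.8.8.8%3Bid HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2020:10:02:20 +0000] "GET /ping.cgi?pingIpAddress=8.8.8.8%0Aid HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2020:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_valid_ping_target(value):
    """Allowlist: a literal IPv4/IPv6 address or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        # fullmatch (not match with $) so a trailing newline cannot slip through
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def suspicious_ping_requests(log_lines):
    """Return (client, decoded_value) for ping.cgi requests with a non-allowlisted target."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/ping.cgi"):
            continue
        # Split on '&' only, so a raw ';' stays inside the value being checked.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if name == "pingIpAddress":
                value = unquote_plus(raw)
                if not is_valid_ping_target(value):
                    hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_ping_requests(SAMPLE_LOG):
        print(f"{client} sent non-allowlisted pingIpAddress: {value!r}")
```

The same allowlist check, applied server-side before the value reaches any command line, is the corresponding mitigation for a diagnostic page of this kind.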