Arbitrary OS Command Execution in MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592

Arbitrary OS Command Execution in MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592

CVE-2020-7594 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function.

Learn more about our Web Application Penetration Testing UK.