Command Injection Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000) Firmware < 0.18.15r

Command Injection Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000) Firmware < 0.18.15r

CVE-2023-43477 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. 

Learn more about our Web App Pen Testing.