Unauthenticated Firmware and Configuration Upload Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000)

Unauthenticated Firmware and Configuration Upload Vulnerability in Telstra Smart Modem Gen 2 (Arcadyan LH1000)

CVE-2023-43478 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. 

Learn more about our Web Application Penetration Testing UK.