Overview
- Description
- fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.
- Source
- vulnreport@tenable.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-434
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396",
"versionEndExcluding": "0.18.15r"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]