
CVE-2017-17867

Published: 04/01/2018 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.


intenogroup iopsys

intenogroup iopsys 4.0

Exploits

Inteno IOPSYS version 3164 suffers from a newline injection issue with samba share options that allows an attacker root access to the filesystem ...
#!/usr/bin/python
import json
import sys
import subprocess
import socket
import os
from time import sleep
from websocket import create_connection

def ubusAuth(host, username, password):
    ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"])
    req = json.dumps({"jsonrpc":"2.0","method":"call", "params" ...

Github Repositories

A collection of exploits for various vulnerabilities targeting Inteno IOPSYS devices

Proof of concepts and exploits for IOPSYS devices

This is a collection of scripts which abuse various vulnerabilities on devices running Inteno's IOPSYS. More details about each vulnerability can be found on my blog. These scripts have only been tested on Linux, but they may also work on other operating systems.

Dependencies

The Python scripts require Python 3.6+ and the