Published: 21/03/2019 Updated: 09/05/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digi transport_lr54_firmware

Digi TransPort LR54 suffers from a restricted shell bypass vulnerability that gets a root shell ...

layout title author category post CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape sgo security The Digi TransPort LR54 is a high speed LTE router commonly used by industry, infrastructure, retail and public transportation It supports running python scripts in a restricted sandbox, and has a custom shell accessible over SSH which is

CWE-20 https://seclists.org/bugtraq/2019/Feb/34 http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/https://nvd.nist.gov https://github.com/stigtsp/CVE-2018-20162-digi-lr54-restricted-shell-escape https://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-20162

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect