An issue exists in the firewall3 component in Inteno IOPSYS 1.0 up to and including 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inteno iopsys |