Published: 31/10/2019 Updated: 07/11/2023

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote malicious users to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.

Vulnerable Product	Search on Vulmon	Subscribe to Product
technicolor td5130v2_firmware oi_fw_v20

# Exploit Title: Technicolor TD51302 - Remote Command Execution # Date: 2019-11-12 # Exploit Author: João Teles # Vendor Homepage: wwwtechnicolorcom/ # Version: TD5130v2 # Firmware Version: OI_Fw_V20 # CVE : CVE-2019-18396 --------------------------- POST /mnt_pingcgi HTTP/11 Host: HOST User-Agent: Mozilla/50 (X11; Linux x86_64; rv ...

Technicolor TD51302 with firmware version OI_Fw_V20 suffers from a remote command execution vulnerability ...

CWE-78 https://www.twitter.com/c4pt41nnn http://packetstormsecurity.com/files/155296/Technicolor-TD5130.2-Remote-Command-Execution.html https://medium.com/%40c4pt41nnn/cve-2019-18396-command-injection-in-technicolor-router-da5dd2134052 https://nvd.nist.gov https://www.exploit-db.com/exploits/47651

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18396

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect