LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lifesize team_220_firmware - |
||
lifesize passport_220_firmware - |
||
lifesize networker_220_firmware - |
||
lifesize room_220_firmware - |