|Number of vulnerabilities||1|
D9800 Network Transport Receiver
Hardware solutions / Firmware
|Vendor||Cisco Systems, Inc|
This security bulletin contains one low risk vulnerability.
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: NoDescription
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The weakness exists in the web management GUI of the Cisco D9800 Network Transport Receiver due to insufficient input validation of GUI command arguments. A remote attacker can inject specially crafted arguments into a vulnerable GUI command and execute commands on the underlying BusyBox operating system with elevated privileges.
Install update from vendor's website.
D9800 Network Transport Receiver: All versionsCPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?