Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-8866 CVE-2018-8860 |
CWE-ID | CWE-78 CWE-319 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
VGo Celia Hardware solutions / Firmware |
Vendor | Vecna Technologies |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU12165
Risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8866
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary shell commands on the target system.
The weakness exists due to insufficient validation of user-supplied input. An adjacent attacker can inject and execute arbitrary shell commands.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 3.0.3.53662.
Vulnerable software versionsVGo Celia: 1.4.2 - 3.0.3.52164
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU12167
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8860
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to cleartext transmission of sensitive information. An adjacent attacker can capture firmware updates through the adjacent network.
Update to version 3.0.3.53662.
VGo Celia: 1.4.2 - 3.0.3.52164
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.