pwn910nd - abusing OpenWRT's printer server to become root - CVE-2018-10123
In Summary : I have discovered yet another vulnerability in Inteno’s IOPSYS firmware - but I believe this to affect all OpenWRT or LEDE ba...
https://updatesinfosec.blogspot.com/2018/05/pwn910nd-abusing-openwrts-printer.html
In Summary :
I have discovered yet another vulnerability in Inteno’s IOPSYS firmware - but I believe this to affect all OpenWRT or LEDE based routers that ship with the printer driver p910nd. Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. [...]
kindly refer the following link as follow up :
https://ift.tt/2InJuVC
I have discovered yet another vulnerability in Inteno’s IOPSYS firmware - but I believe this to affect all OpenWRT or LEDE based routers that ship with the printer driver p910nd. Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. [...]
kindly refer the following link as follow up :
https://ift.tt/2InJuVC
