CVE-2017-17867

high-risk
Published 2018-01-04

Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration.

Do I need to act?

!
19.8% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
43428
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Intenogroup

References (6)

http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107...
Exploit https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
Exploit https://www.exploit-db.com/exploits/43428/
http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107...
Exploit https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html
Exploit https://www.exploit-db.com/exploits/43428/
51
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 14/34 · Moderate
Exposure 7/34 · Low