CVE-2018-20162

moderate-risk
Published 2019-03-21

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.

Do I need to act?

~
4.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Transport Lr54 Firmware

Affected Vendors

Digi

References (6)

Exploit http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell...
https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
Exploit https://seclists.org/bugtraq/2019/Feb/34
Exploit http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell...
https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/
Exploit https://seclists.org/bugtraq/2019/Feb/34
45
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal