CVE-2018-17317
Last modified
CVE-2018-17317 is a vulnerability of currently unknown severity. FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.. EPSS estimates a 4.31% chance of exploitation in the next 30 days.
Description
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fruitywifi Project | Fruitywifi | 2.1 |
References
- http://blog.51cto.com/010bjsoft/2175710Exploit, Third Party Advisory
- https://github.com/PatatasFritas/PatataWifi/issues/1Exploit, Third Party Advisory
- http://blog.51cto.com/010bjsoft/2175710Exploit, Third Party Advisory
- https://github.com/PatatasFritas/PatataWifi/issues/1Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-17317?
How severe is CVE-2018-17317?
How do I fix CVE-2018-17317?
Are you affected by CVE-2018-17317?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST