Vulnerability Details : CVE-2011-5010
Public exploit exists!
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
Products affected by CVE-2011-5010
- cpe:2.3:h:ctekproducts:skyrouter:4300:*:*:*:*:*:*:*
- cpe:2.3:h:ctekproducts:skyrouter:4200:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-5010
68.24%
Probability of exploitation activity in the next 30 days
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-5010
- CTEK SkyRouter 4200 and 4300 Command Execution
  - Disclosure Date: 2011-09-08
  - First seen: 2020-04-26
  - exploit/unix/http/ctek_skyrouter
  - This module exploits an unauthenticated remote root exploit within ctek SkyRouter 4200 and 4300.
  - Authors: savant42
CVSS scores for CVE-2011-5010
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-5010
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-5010
- http://www.securityfocus.com/bid/50867
  Ctek SkyRouter 4200 and 4300 Series Routers Remote Arbitrary Command Execution Vulnerability
- http://www.exploit-db.com/exploits/18172
  CTEK SkyRouter 4200/4300 - Command Execution (Metasploit) - Hardware remote Exploit [Exploit]
- http://dev.metasploit.com/redmine/issues/5610