First published: Sun Mar 17 2019
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digi TransPort LR54 Firmware | <4.4.0.26 | |
| Digi TransPort LR54 | | |
CVE-2018-20162 is a vulnerability in Digi TransPort LR54 devices that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
CVE-2018-20162 is considered a critical vulnerability with a severity rating of 9.9.
Digi TransPort LR54 firmware versions up to, but not including, 4.4.0.26 are affected by CVE-2018-20162.
To fix CVE-2018-20162, users should update their Digi TransPort LR54 firmware to a version that is not affected by the vulnerability.
More information about CVE-2018-20162 can be found at the following references: [http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html](http://packetstormsecurity.com/files/151719/Digi-TransPort-LR54-Restricted-Shell-Escape.html), [https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/](https://blog.hackeriet.no/cve-2018-20162-digi-lr54-restricted-shell-escape/), [https://seclists.org/bugtraq/2019/Feb/34](https://seclists.org/bugtraq/2019/Feb/34).