First published: Tue Jun 11 2019(Updated: )
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hootoo Tripmate Titan Ht-tm05 Firmware | =2.000.022 | |
Hootoo Tripmate Titan Ht-tm05 Firmware | =2.000.082 | |
HooToo TripMate Titan HT-TM05 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-20841 is critical with a CVSS score of 9.8.
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 are affected by CVE-2018-20841.
An attacker can exploit CVE-2018-20841 by using shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
There is currently no known fix for CVE-2018-20841. It is recommended to follow the vendor's advisory and apply any security patches or updates.
You can find more information about CVE-2018-20841 at the following references: [https://ioactive.com/hootoo-tripmate-routers-are-cute-but/](https://ioactive.com/hootoo-tripmate-routers-are-cute-but/) and [https://www.exploit-db.com/exploits/46143](https://www.exploit-db.com/exploits/46143).