CVE-2018-20841: OS Command Injection
First published: Tue Jun 11 2019(Updated: )
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hootoo Tripmate Titan Ht-tm05 Firmware | =2.000.022 | |
| Hootoo Tripmate Titan Ht-tm05 Firmware | =2.000.082 | |
| HooToo TripMate Titan HT-TM05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-20841?
The severity of CVE-2018-20841 is critical with a CVSS score of 9.8.
Which routers are affected by CVE-2018-20841?
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 are affected by CVE-2018-20841.
How can an attacker exploit CVE-2018-20841?
An attacker can exploit CVE-2018-20841 by using shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
Is there a fix for CVE-2018-20841?
There is currently no known fix for CVE-2018-20841. It is recommended to follow the vendor's advisory and apply any security patches or updates.
Where can I find more information about CVE-2018-20841?
You can find more information about CVE-2018-20841 at the following references: [https://ioactive.com/hootoo-tripmate-routers-are-cute-but/](https://ioactive.com/hootoo-tripmate-routers-are-cute-but/) and [https://www.exploit-db.com/exploits/46143](https://www.exploit-db.com/exploits/46143).
- collector/nvd-index
- vendor/hootoo
- canonical/hootoo tripmate titan ht-tm05 firmware
- version/hootoo tripmate titan ht-tm05 firmware/2.000.022
- version/hootoo tripmate titan ht-tm05 firmware/2.000.082
- canonical/hootoo tripmate titan ht-tm05