ZDI-23-1010: Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability
First published: Fri Jul 28 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adtran SR400ac |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-23-1010?
ZDI-23-1010 is classified as a high-severity vulnerability that allows remote code execution.
How do I fix ZDI-23-1010?
To fix ZDI-23-1010, apply the security updates provided by Adtran for the SR400ac routers.
Who is affected by ZDI-23-1010?
ZDI-23-1010 affects installations of Adtran SR400ac routers.
Can ZDI-23-1010 be exploited without authentication?
No, exploitation of ZDI-23-1010 requires authentication, although the mechanism can be bypassed.
What can attackers do with ZDI-23-1010?
Attackers can execute arbitrary code on affected Adtran SR400ac routers due to ZDI-23-1010.
- collector/zdi-published
- alias/ZDI-CAN-20525
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/description
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-1010
- alias/CVE-2023-38120
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/event
- agent/source
- vendor/adtran
- canonical/adtran sr400ac