CVE-2019-16398

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
References
Link Resource
https://gitlab.com/crypt0crc/cve-2019-16398 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:keeper:k5_firmware:20.1.0.63:*:*:*:*:*:*:*
cpe:2.3:o:keeper:k5_firmware:20.1.0.25:*:*:*:*:*:*:*
cpe:2.3:h:keeper:k5:-:*:*:*:*:*:*:*

Information

Published : 2019-09-19 08:15

Updated : 2021-07-21 04:39


NVD link : CVE-2019-16398

Mitre link : CVE-2019-16398


JSON object : View

CWE
CWE-345

Insufficient Verification of Data Authenticity

Advertisement

dedicated server usa

Products Affected

keeper

  • k5_firmware
  • k5