CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device.

Configurations

Configuration 1

AND
cpe:2.3:o:raisecom:iscom_ht803g-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:iscom_ht803g-u:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:raisecom:iscom_ht803g-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:iscom_ht803g-w:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:raisecom:iscom_ht803g-1ge_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:iscom_ht803g-1ge:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:raisecom:iscom_ht803g_gpon_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:raisecom:iscom_ht803g_gpon:-:*:*:*:*:*:*:*

Information

Published : 2019-03-21 09:01

Updated : 2023-01-31 18:21


NVD link : CVE-2019-7384

Mitre link : CVE-2019-7384



CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


Products Affected

raisecom

  • iscom_ht803g-w
  • iscom_ht803g-u
  • iscom_ht803g-w_firmware
  • iscom_ht803g-u_firmware
  • iscom_ht803g-1ge
  • iscom_ht803g-1ge_firmware
  • iscom_ht803g_gpon_firmware
  • iscom_ht803g_gpon