Sign-up

ID

VAR-201112-0100


CVE

CVE-2011-5010


TITLE

Ctek SkyRouter of apps/a3/cfg_ethping.cgi Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-003533

DESCRIPTION

apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action. Ctek SkyRouter is a product for managing wireless IP connections. Ctek SkyRouter 4200 and 4300 series routers are prone to a remote arbitrary command-execution vulnerability because it fails to adequately sanitize user-supplied input. A vulnerability exists in apps/a3/cfg_ethping.cgi in Ctek SkyRouter versions 4200 to 4300. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ctek SkyRouter 4200 / 4300 "PINGADDRESS" Command Injection Vulnerability SECUNIA ADVISORY ID: SA47003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47003 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ctek SkyRouter 4200 and Ctek SkyRouter 4300, which can be exploited by malicious people to compromise a vulnerable device. Input passed via the "PINGADDRESS" parameter to apps/a3/cfg_ethping.cgi is not properly verified before being used. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Reported in a Metasploit module by Josh Brashars. ORIGINAL ADVISORY: http://dev.metasploit.com/redmine/issues/5610 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2011-5010 // JVNDB: JVNDB-2011-003533 // CNVD: CNVD-2011-5142 // BID: 50867 // VULHUB: VHN-52955 // PACKETSTORM: 107519

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-5142

AFFECTED PRODUCTS

vendor:ctekproductsmodel:skyrouterscope:eqversion:4200

Trust: 1.6

vendor:ctekproductsmodel:skyrouterscope:eqversion:4300

Trust: 1.6

vendor:ctekmodel:skyrouterscope:eqversion:4200

Trust: 1.4

vendor:ctekmodel:skyrouterscope:eqversion:4300

Trust: 1.4

vendor:ctekmodel:skyrouterscope:eqversion:43000

Trust: 0.3

vendor:ctekmodel:skyrouterscope:eqversion:42000

Trust: 0.3

sources: CNVD: CNVD-2011-5142 // BID: 50867 // JVNDB: JVNDB-2011-003533 // CNNVD: CNNVD-201112-450 // NVD: CVE-2011-5010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5010
value: HIGH

Trust: 1.0

NVD: CVE-2011-5010
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-450
value: CRITICAL

Trust: 0.6

VULHUB: VHN-52955
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-5010
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-52955
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-52955 // JVNDB: JVNDB-2011-003533 // CNNVD: CNNVD-201112-450 // NVD: CVE-2011-5010

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-52955 // JVNDB: JVNDB-2011-003533 // NVD: CVE-2011-5010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-450

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201112-450

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003533

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-52955

PATCH
title:Top Pageurl:http://www.ctekproducts.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-003533

EXTERNAL IDS
db:NVDid:CVE-2011-5010
Trust: 3.4
db:BIDid:50867
Trust: 2.6
db:EXPLOIT-DBid:18172
Trust: 2.3
db:SECUNIAid:47003
Trust: 1.8
db:OSVDBid:77497
Trust: 1.7
db:JVNDBid:JVNDB-2011-003533
Trust: 0.8
db:CNNVDid:CNNVD-201112-450
Trust: 0.7
db:CNVDid:CNVD-2011-5142
Trust: 0.6
db:SEEBUGid:SSVID-72369
Trust: 0.1
db:VULHUBid:VHN-52955
Trust: 0.1
db:PACKETSTORMid:107519
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2011-5142 // 
            
            
            
            VULHUB: VHN-52955 // 
            
            
            
            BID: 50867 // 
            
            
            
            JVNDB: JVNDB-2011-003533 // 
            
            
            
            PACKETSTORM: 107519 // 
            
            
            
            CNNVD: CNNVD-201112-450 // 
            
            
            
            NVD: CVE-2011-5010

REFERENCES
url:http://dev.metasploit.com/redmine/issues/5610
Trust: 1.8
url:http://www.securityfocus.com/bid/50867
Trust: 1.7
url:http://www.exploit-db.com/exploits/18172
Trust: 1.7
url:http://osvdb.org/77497
Trust: 1.7
url:http://secunia.com/advisories/47003
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5010
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5010
Trust: 0.8
url:http://www.exploit-db.com/exploits/18172/
Trust: 0.6
url:http://www.ctekproducts.com/
Trust: 0.3
url:http://secunia.com/advisories/47003/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47003
Trust: 0.1
url:http://secunia.com/advisories/47003/#comments
Trust: 0.1
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2011-5142 // 
            
            
            
            VULHUB: VHN-52955 // 
            
            
            
            BID: 50867 // 
            
            
            
            JVNDB: JVNDB-2011-003533 // 
            
            
            
            PACKETSTORM: 107519 // 
            
            
            
            CNNVD: CNNVD-201112-450 // 
            
            
            
            NVD: CVE-2011-5010

CREDITS
savant42
Trust: 0.3
sources:
            
            
            BID: 50867

SOURCES
db:CNVDid:CNVD-2011-5142
db:VULHUBid:VHN-52955
db:BIDid:50867
db:JVNDBid:JVNDB-2011-003533
db:PACKETSTORMid:107519
db:CNNVDid:CNNVD-201112-450
db:NVDid:CVE-2011-5010

LAST UPDATE DATE
2025-04-11T23:16:46.087000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-5142date:2011-12-05T00:00:00
db:VULHUBid:VHN-52955date:2012-02-17T00:00:00
db:BIDid:50867date:2012-01-03T22:00:00
db:JVNDBid:JVNDB-2011-003533date:2011-12-28T00:00:00
db:CNNVDid:CNNVD-201112-450date:2012-02-14T00:00:00
db:NVDid:CVE-2011-5010date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2011-5142date:2011-12-05T00:00:00
db:VULHUBid:VHN-52955date:2011-12-25T00:00:00
db:BIDid:50867date:2011-11-30T00:00:00
db:JVNDBid:JVNDB-2011-003533date:2011-12-28T00:00:00
db:PACKETSTORMid:107519date:2011-12-05T03:55:56
db:CNNVDid:CNNVD-201112-450date:2011-12-26T00:00:00
db:NVDid:CVE-2011-5010date:2011-12-25T01:55:04.773