vendor:
Atemio AM 520 HD Full HD satellite receiver
by:
Not provided
8.1
CVSS
CRITICAL
Remote Code Execution
78
CWE
Product Name: Atemio AM 520 HD Full HD satellite receiver
Affected Version From: Firmware <=2.01
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: o:linux:linux_kernel:2.6.32.71 cpe:/o:linux:linux_kernel:3.14-1.17 cpe:/o:linux:linux_kernel:3.14.2
Platforms Tested: GNU/Linux 2.6.32.71 (STMicroelectronics), GNU/Linux 3.14-1.17 (armv7l), GNU/Linux 3.14.2 (mips), ATEMIO M46506 revision 990, Atemio 7600 HD STB
Not specified
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution
The vulnerability in TitanNit Web Control 2.01 / Atemio 7600 allows an unauthorized attacker to execute system commands with elevated privileges by utilizing the 'getcommand' query in the application, resulting in root access.
Mitigation:
To mitigate this vulnerability, users should update the firmware to a version higher than 2.01 that addresses this issue.