vendor:
VR-3030
by:
Raki Ben Hamouda
8.8
CVSS
HIGH
Authenticated Command Injection
78
CWE
Product Name: VR-3030
Affected Version From: DE11-416SSG-C01_R02.A2pvI042j1.d26m
Affected Version To: 1.0.38-116.228-1
Patch Exists: YES
Related CWE: CVE-2020-10173
CPE: h:comtrend:vr-3030
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: None
2020
Comtrend VR-3033 – Authenticated Command Injection
The Comtrend VR-3033 is prone to Multiple Authenticated Command Injection vulnerability via ping and traceroute diagnostic page. Remote attackers are able to get full control and compromise the network managed by the router.
Mitigation:
Access the interface with minimum privilege.
