CVE-2020-24849

EUVD-2020-17558
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
fruitywifi_projectfruitywifi
𝑥
≤ 2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fruitywifi.com/index_eng.html
https://gist.github.com/harsh-bothra/f899045b16bbba264628d79d52c07c22
https://github.com/xtr4nge/FruityWifi
http://fruitywifi.com/index_eng.html
https://gist.github.com/harsh-bothra/f899045b16bbba264628d79d52c07c22
https://github.com/xtr4nge/FruityWifi