Arbitrary Command Execution in Genexis Devices' Parental Control Panel

Arbitrary Command Execution in Genexis Devices' Parental Control Panel

CVE-2015-3441 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.

Learn more about our User Device Pen Test.