Command Injection Vulnerability in FASTGate Fastweb Devices

Command Injection Vulnerability in FASTGate Fastweb Devices

CVE-2018-20122 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.

Learn more about our Web App Pen Testing.