MidnightBSD

Advisories for ctekproducts

CVE-2011-5010 HIGH

apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264

Products Affected

Vendor        Product    Version
ctekproducts  skyrouter  4200
ctekproducts  skyrouter  4300

CVE-2017-14000 HIGH

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287

Products Affected

Vendor        Product                   Version
ctekproducts  skyrouter_z4200_firmware  *
ctekproducts  skyrouter_z4400_firmware  *