LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-1188,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linknet-usa | lw-n605r_firmware | 12.20.2.1486 |