MidnightBSD

Advisories for mitrastar

CVE-2017-16522 HIGH

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
mitrastar dsl-100hn-t1_firmware es_113wjy0b16
mitrastar gpt-2541gnac_firmware 1.00(vnj0)b1
CVE-2017-16523 HIGH

MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mitrastar dsl-100hn-t1_firmware es_113wjy0b16
mitrastar gpt-2541gnac_firmware 1.00(vnj0)b1
CVE-2021-42165 HIGH

MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
mitrastar gpt-2541gnac-n1_firmware br_g3.5_100vnz0b33
CVE-2023-30065

MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function.

Products Affected

Vendor Product Version
mitrastar gpt-2741gnac-n2_firmware br_g5.9_1.11(wvk.0)b32
CVE-2023-33381

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.

Products Affected

Vendor Product Version
mitrastar gpt-2741gnac_firmware ar_g5.8_110wvn0b7_2