CVE-2018-11116

Published: Jun 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html

x_refsource_MISC

https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-11116

Description

Affected Products

References