CVE-2019-6962

Published: Jun 20, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-6962

Description

Affected Products

References