CVE-2020-16134

by Fred · 04/08/2020

An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a device’s plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser.

Date published : 2020-08-04

https://www.swisscom.ch

https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2020-16134.txt

CVE-2020-16134

Similar

Recent Posts

Categories

CVE-2020-16134

Share this:

Similar

Recent Posts

Categories

Tags