This vulnerability can be exploited only if the user browses to a maliciously crafted website or a website that contains malicious code and is not blocked by the firewall. The attacker can exploit this vulnerability to execute a malicious code on the firewall. This vulnerability can be exploited by an attacker by sending a malicious HTTP request in the following ways: Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-based management interface of the device if it is accessible by remote unauthenticated attackers.
Via a web-
Vulnerable devices
The vulnerability affects various devices running the following versions of firmware:
* Smoothwall Firewall and VPN on i5/OS 6.3.6-2 and 6.3.6-3
* Smoothwall Firewall and VPN on i5/OS 7.1.3-1, 7.1.4-1, 7.2-1, 7.2-2, and 8.0CR1
* Smoothwall Firewall on UBNT EdgeRouter Lite 2 (ERLite) with firmware 2.9 or below
* MikroTik RouterOS for SOHO 1.6 build 14955 or below
Vulnerability Scenario
Vulnerability Scenario: Exploiting the vulnerability to execute a malicious code on the firewall is possible only after visiting a maliciously crafted website or a site that contains malicious code and is not blocked by the firewall.
Timeline
Published on: 03/25/2022 23:15:00 UTC
Last modified on: 03/31/2022 01:14:00 UTC