Remote attackers can also change the system time and make other modifications to the system by setting the date to a desired time. Vulnerable installations are likely to be bricked or rendered inoperable if the time on the system is changed. This issue is similar to one described in CVE-2016-5199.

CVE-2016-5193: OS Command Injection Remote Code Execution Vulnerability

There is a known issue in OS/ firmware versions 1.5.3.5 and earlier. The issue is related to OS command injection vulnerability. Remote attackers can exploit this vulnerability by sending crafted HTTP request to the targeted device. This can lead to remote code execution on the device.

Updates/ firmware versions 1.5.3.6 and later are expected to fix this issue.

CVE-2016-5191: OS Command Injection Remote Code Execution Vulnerability

A remote code execution vulnerability was reported in OS/ firmware versions 1.5.3.5 and earlier. The issue is related to OS command injection vulnerability. Remote attackers can exploit this vulnerability by sending crafted HTTP request to the targeted device. This can lead to remote code execution on the device.

Updates/firmware versions 1.5.3.6 and later are expected to fix this issue.

CVE-2016-5192: OS Command Injection Remote Code Execution Vulnerability

A remote code execution vulnerability was reported in OS/firmware versions

IT Provides a User Guide for Recovering PoCs of the Flaws

PoCs of the vulnerabilities were provided in the following documents:

1) EXPLOIT.C: Exploit for CVE-2016-5187 and CVE-2016-5188
2) DESIGN.C: Design Document for the Flaws
3) EXEC.C: Execution of a PoC on the targeted device

Timeline

Published on: 08/17/2022 21:15:00 UTC
Last modified on: 08/19/2022 17:53:00 UTC

References