CVE-2012-5693

HIGH

Bulb Security Smartphone Pentest Framework <0.1.3 - RCE

Title source: llm

Description

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23123

Scores

CVSS v3 8.8
EPSS 0.0166
EPSS Percentile 73.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
bulbsecurity/smartphone_pentest_framework < 0.1.3
Published Jan 03, 2020
Tracked Since Feb 18, 2026