CVE-2012-5863

Sinapsitech Sinapsi Firmware < 2.0.2870 - OS Command Injection


Description

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages on the device that have administrative privileges but do not require authentication, attackers can execute arbitrary, unexpected, or dangerous commands directly on the operating system.

Exploits (1)

exploitdb WRITEUP
by Roberto Paleari · text · webapps · php
https://www.exploit-db.com/exploits/21273

References (7)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/21273/
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200

Scores

EPSS 0.0908
EPSS Percentile 92.7%

Details

CWE
CWE-264 CWE-78
Status published
Products (7)
Sinapsi/eSolar < 2.0.2870_xxx_2.2.12
Sinapsi/eSolar DUO < 2.0.2870_xxx_2.2.12
Sinapsi/eSolar Light < 2.0.2870_xxx_2.2.12
sinapsitech/esolar_duo_photovoltaic_system_monitor
sinapsitech/esolar_light_photovoltaic_system_monitor
sinapsitech/esolar_photovoltaic_system_monitor
sinapsitech/sinapsi_firmware < 2.0.2870
Published Nov 23, 2012
Tracked Since Feb 18, 2026