CVE-2017-11322

HIGH

Ucopia Wireless Appliance < 5.1.7 - OS Command Injection

Title source: rule

Description

The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.

Exploits (2)

exploitdb WORKING POC

by Sysdream · locallinux

https://www.exploit-db.com/exploits/42936

View Code ZIP pw:eip

github WORKING POC 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2017-11322

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://sysdream.com/news/lab/2017-09-29-cve-2017-11322-ucopia-wireless-appliance-5-1-8-privileges-escalation/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42936/

Scores

CVSS v3 8.2

EPSS 0.0133

EPSS Percentile 80.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

ucopia/ucopia_wireless_appliance < 5.1.7

Published Oct 03, 2017

Tracked Since Feb 18, 2026