CVE-2017-17743
MEDIUM
UCOPIA Wireless Appliance Firmware < 4.4.20, 5.0.x < 5.0.19, 5.1.x < 5.1.11 - Privilege Escalation via .bashrc Upload
Title source: llm
Description
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/
Scores
CVSS v3: 6.7
EPSS: 0.0113
EPSS Percentile: 62.3%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-287
Status: published
Products (1): ucopia/wireless_appliance_firmware < 4.4.20
Published: Mar 22, 2018
Tracked Since: Feb 18, 2026