CVE-2018-11240
CRITICALSoftcase T-router Firmware - Incorrect Permission Assignment
Title source: ruleDescription
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/neolead/1b90d8df7ef4fd1d3d03c1265e5804ac#file-cve-2018-11240-txt
Scores
CVSS v3
9.8
EPSS
0.0058
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
softcase/t-router_firmware
20112017
Published
Sep 21, 2018
Tracked Since
Feb 18, 2026