CVE-2018-16752

HIGH EXPLOITED IN THE WILD

LINK-NET LW-N605R - RCE

Title source: llm

Description

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.

Exploits (1)

exploitdb WORKING POC

by Nassim Asrir · pythonwebappshardware

https://www.exploit-db.com/exploits/45351

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/149297/LW-N605R-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45351/

Scores

CVSS v3 8.8

EPSS 0.4874

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-01-03

InTheWild.io 2024-05-29

CWE

CWE-78 CWE-1188

Status published

Products (1)

linknet-usa/lw-n605r_firmware 12.20.2.1486

Published Sep 20, 2018

Tracked Since Feb 18, 2026