CVE-2018-20122

CRITICAL EXPLOITED

FASTGate Fastweb <0.00.47_FW_200_Askey 2017-05-17 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-20122 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0482
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-07-05
CWE
CWE-78
Status published
Products (1)
fastweb/fastgate_firmware < 1.0.1b
Published Feb 21, 2019
Tracked Since Feb 18, 2026