CVE-2018-3969

HIGH

CUJO Smart Firewall - Persistent OS Command Injection via dhcpd.conf

Title source: llm
STIX 2.1

Description

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0634

Scores

CVSS v3 7.8
EPSS 0.0050
EPSS Percentile 39.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
getcujo/smart_firewall 7003
Published Mar 21, 2019
Tracked Since Feb 18, 2026