CVE-2018-4031
CRITICALCUJO Smart Firewall 7003 - Remote Code Execution via Safe Browsing HTTP Request Parsing
Title source: llmDescription
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0703
Scores
CVSS v3
10.0
EPSS
0.0267
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
getcujo/smart_firewall
7003
Published
Oct 31, 2019
Tracked Since
Feb 18, 2026