ADB Group Manipulation Privilege Escalation
Posted by deepcore on July 6, 2018 – 9:42 pm
An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges. Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, e.g. via “debug”, “upgrade”, “upload” etc. commands in the CLI. Attackers can gain access to sensitive configuration data such as VoIP credentials or other information and manipulate any settings of the device. Versions affected include ADB P.RG AV4202N, DV2210, VV2220, and VV5522.
Post a reply
You must be logged in to post a comment.