FAST LTA Silent Brick WebUI OS Command Injection Vulnerability
Vulnerability
A critical OS command injection vulnerability exists in the FAST LTA Silent Brick WebUI version 2.63. This vulnerability allows remote attackers to execute arbitrary operating system commands by sending specially crafted input. The issue stems from inadequate sanitization and validation of untrusted input, which is directly passed to system-level commands. Exploitation of this vulnerability could lead to unauthorized access, data leakage, or a complete system compromise. The vulnerable WebUI parameters are 'hd' and 'pi'.
Impact
Successful exploitation allows for arbitrary command execution on the affected system, potentially leading to unauthorized access, data leakage, or a full system compromise.
Remediation
Users are advised to update to FAST LTA Silent Brick WebUI version 2.63, which includes important security updates. The update can be downloaded from the FAST LTA software repository.
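To help check whether the 'hd' and 'pi' parameters named above have received shell metacharacters, the following added example (not FAST LTA code and not part of the original advisory) scans web access log lines for such input. It assumes the parameters arrive in the query string and that logs use the common/combined format; the endpoint path and the log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameters the advisory names as vulnerable.
WATCHED_PARAMS = {"hd", "pi"}

# Command separators, pipes, redirection, backticks, newlines and $( / ${ substitution.
SHELL_META = re.compile(r"[;&|`<>\n\r]|\$\(|\$\{")

# Request field of a common/combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (e.g. %253B) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params holding shell metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = match.group(1).partition("?")[2]
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl already decoded one layer
        if name in WATCHED_PARAMS and SHELL_META.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, (param, value))] for every suspicious request."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in suspicious_params(line)]

# Constructed sample log lines; the path is a placeholder, not a real WebUI endpoint.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /placeholder/endpoint?hd=3&pi=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /placeholder/endpoint?hd=1%3Becho+test&pi=2 HTTP/1.1" 200 98',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder/endpoint?hd=4&pi=%2524%2528id%2529 HTTP/1.1" 200 98',
    '192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /placeholder/endpoint?q=a%7Cb&hd=7 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, (param, value) in scan(SAMPLE_LOG):
        print(f"line {line_no}: parameter {param!r} contains shell metacharacters: {value!r}")
```

Parameters sent in a POST body do not appear in standard access logs, so this check covers only requests whose parameters are logged.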
