Milesight UG65-868M-EA Improper Access Control Vulnerability Allowing Unauthorized Write Access to rc.local File

Vulnerability

A vulnerability exists in the Milesight UG65-868M-EA industrial gateway, specifically in firmware versions prior to 60.0.0.46. The issue allows admin users to gain unauthorized write access to the /etc/rc.local file, which is executed during system boot. This improper access control could enable the injection of arbitrary shell commands, potentially leading to further exploitation of the device.

Impact

Exploitation of this vulnerability could allow an admin user to inject arbitrary shell commands, which would be executed with system privileges.

Remediation

Milesight has released firmware version 60.0.0.46 for the UG65-868M-EA gateway, which fixes this issue. Users can download the latest firmware from the Milesight Download Center. For more information about this issue and instructions for installing the latest firmware, contact Milesight technical support.
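
A triage check for the issue described above, added here as an example and not code from Milesight or from this advisory. It flags firmware below 60.0.0.46 and audits a copy of /etc/rc.local against a known-good baseline. It assumes the operator has already obtained the firmware version string and a copy of the file; the function names and the sample path /usr/local/bin/unexpected-task are constructed for illustration.

```shell
#!/bin/sh
# Added triage helper for this advisory; not Milesight code.
FIXED_VERSION="60.0.0.46"   # first fixed firmware version, per the advisory

# version_lt A B: succeed when four-part dotted version A is lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# firmware_status VERSION: print "vulnerable" below the fixed version, else "fixed".
firmware_status() {
    if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo fixed; fi
}

# rc_local_commands FILE: print the lines that would run at boot, skipping
# blank lines, comments and a bare "exit 0".
rc_local_commands() {
    [ -r "$1" ] || return 2
    grep -Ev '^[[:space:]]*(#.*)?$|^[[:space:]]*exit[[:space:]]+0[[:space:]]*$' "$1" || true
}

# rc_local_status FILE SHA256: print "match" when FILE hashes to the recorded
# known-good value, otherwise "changed".
rc_local_status() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" = "$2" ]; then echo match; else echo changed; fi
}

# demo: run the checks on a constructed rc.local copy (sample data, not from a device).
demo() {
    sample=$(mktemp)
    printf '%s\n' '# boot script' '/usr/local/bin/unexpected-task &' 'exit 0' > "$sample"
    baseline=$(printf '%s\n' '# boot script' 'exit 0' | sha256sum | cut -d' ' -f1)
    echo "firmware 60.0.0.45: $(firmware_status 60.0.0.45)"
    echo "rc.local vs baseline: $(rc_local_status "$sample" "$baseline")"
    echo "commands run at boot:"; rc_local_commands "$sample"
    rm -f "$sample"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The version comparison is numeric per field, so a later build such as 60.0.0.100 is reported as fixed rather than sorting below 60.0.0.46 as a plain string comparison would.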

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.