Description
The Ericsson-LG iPECS NMS A.1Ac login portal is prone to multiple SQL injection vulnerabilities in the "id" and "passwd" parameters which allow unauthenticated attackers to bypass the login page and execute remote code on the operating system.
Additional Information
The vendor has been notified about the vulnerability, however a distributor firm has responded. No response was received from the company after the disclosure. The product is a paid product therefore is not available for download.
Vulnerability Type
SQL Injection
Vendor of Product
Ericsson-LG
Affected Product Code Base
iPECS NMS - A.1Ac
Attack Type
Remote
Impact Code execution
true
Attack Vectors
In order to exploit the vulnerability an attacker needs to send a post request with the affected parameters containing SQL injection payloads. The attacker does not need to be authenticated.
Reference
https://www.youtube.com/watch?v=ah3MLcAURlc
https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45
Discoverer
Berk Cem Goksel
CVE-2018-9245