@berkgoksel
Last active April 22, 2018 16:33
Ericsson-LG iPECS NMS A.1Ac - RCE over SQLi (CVE-2018-9245)

Description

The Ericsson-LG iPECS NMS A.1Ac login portal is prone to multiple SQL injection vulnerabilities in the "id" and "passwd" parameters, which allow unauthenticated attackers to bypass the login page and execute remote code on the operating system.


Additional Information

The vendor has been notified about the vulnerability; however, a distributor firm has responded. No response was received from the company after the disclosure. The product is a paid product and is therefore not available for download.


Vulnerability Type

SQL Injection


Vendor of Product

Ericsson-LG


Affected Product Code Base

iPECS NMS - A.1Ac


Attack Type

Remote


Impact Code execution

true


Attack Vectors

To exploit the vulnerability, an attacker needs to send a POST request with the affected parameters containing SQL injection payloads. The attacker does not need to be authenticated.
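
A defensive check for the request shape described above, as an added example that is not part of the original advisory or the product's code: it inspects a form-encoded login POST body and flags suspicious "id" and "passwd" values. The allow-list for "id", the marker patterns, the function name and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed policy: login names are short and drawn from a fixed alphabet.
ID_ALLOWED = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Heuristic SQL markers for the free-form "passwd" field: comment openers,
# statement separators, and SQL keywords directly after a quote.
# Expect some false positives on unusual passwords; use for triage.
PASSWD_SUSPECT = re.compile(
    r"""--|/\*|;|['"]\s*(?:or|and|union|select|exec)\b""", re.IGNORECASE)


def inspect_login_body(body: str) -> list[tuple[str, str]]:
    """Return (parameter, rule) findings for one form-encoded POST body.

    Only parameter and rule names are returned, never the submitted values,
    so findings can be logged without recording credentials.
    """
    fields = parse_qs(body, keep_blank_values=True)
    findings = []
    for value in fields.get("id", []):
        if not ID_ALLOWED.fullmatch(value):
            findings.append(("id", "not-in-allow-list"))
    for value in fields.get("passwd", []):
        if PASSWD_SUSPECT.search(value):
            findings.append(("passwd", "sql-marker"))
    # A repeated parameter can make a filter and the application
    # disagree about which value is actually used.
    for name in ("id", "passwd"):
        if len(fields.get(name, [])) > 1:
            findings.append((name, "duplicate-parameter"))
    return findings


# Constructed sample bodies (not taken from the advisory or the product).
SAMPLES = {
    "normal": "id=operator1&passwd=S3cure%21pass",
    "quote-in-id": "id=operator1%27&passwd=x",
    "comment-in-passwd": "id=operator1&passwd=x%27--+",
    "duplicate-id": "id=operator1&id=admin&passwd=x",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_login_body(body))
```

A filter like this is a detection and triage aid in front of the portal; the injection itself is fixed by using parameterized queries in the application.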


Reference

https://www.youtube.com/watch?v=ah3MLcAURlc

https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45


Discoverer

Berk Cem Goksel

CVE-2018-9245
