
Security Advisory

CVE-2020-7842 | Netis Korea D'live AP command injection vulnerability
2020.11.18
□ Overview
 o Netis Korea released a security update to address an arbitrary command injection vulnerability in
    the D'live (WF2429TB) AP (set-top box AP)
| Vulnerability Type | Impact | Severity | CVSS | CVE ID |
|---|---|---|---|---|
| Improper input validation | Arbitrary command execution | Medium | 6.4 | CVE-2020-7842 |
 
□ Description
 o An improper input validation vulnerability exists in the Netis Korea D'live AP that could allow arbitrary command
    injection and execution through the time setting for users (using the ntpServerlp1 parameter). (CVE-2020-7842)
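
An added example, not Netis code and not taken from this advisory: a strict allowlist check that a time-setting handler could apply to an NTP server field before the value is used anywhere. The function name and the sample inputs are hypothetical, and it assumes the field should hold only an IP address literal or a hostname.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static bool is_ascii_alnum(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
}

/* Hypothetical helper: accept an IPv4/IPv6 literal or an RFC 1123 hostname.
 * Any other byte (spaces, quotes, newlines, ; | & ` $ ...) rejects the value. */
bool ntp_server_is_valid(const char *s)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len, i, label_len = 0;
    bool label_all_digits = true;

    if (s == NULL || (len = strlen(s)) == 0 || len > 253)
        return false;
    /* Address literals are parsed by the C library, not matched by pattern. */
    if (inet_pton(AF_INET, s, addr) == 1 || inet_pton(AF_INET6, s, addr) == 1)
        return true;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label_len == 0 || s[i - 1] == '-')
                return false;            /* empty label or trailing hyphen */
            label_len = 0;
            label_all_digits = true;
        } else if (is_ascii_alnum(c) || (c == '-' && label_len > 0)) {
            if (++label_len > 63)
                return false;            /* label too long */
            if (c < '0' || c > '9')
                label_all_digits = false;
        } else {
            return false;                /* byte outside the allowlist */
        }
    }
    /* The last label must be non-empty, must not end in '-', and must not be
     * all digits (this rejects malformed dotted quads such as 1.2.3.999). */
    return label_len > 0 && s[len - 1] != '-' && !label_all_digits;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "pool.ntp.org", "192.0.2.10", "1.2.3.999", "time.example.com;reboot" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i], ntp_server_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation of this kind is one layer; a handler that runs a time-sync program should also pass the value as a separate argument vector entry rather than building a shell command string.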

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| Netis Korea D'live WF2429TB AP | v1.1.10 | Linux |
 
□ Solution
 o Update the D'live WF2429TB firmware to version 1.1.14 or higher.
    (Automatic upgrade via firmware server)

□ Reference
o https://netu.co.kr/atboard_view.php?model=&grp1=news&grp2=notice&uid=24977&keyfield=all&keyword=&page=1

□ Acknowledgement
 o Thanks to Myeongsik Jeong for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team
Keywords: D'live, netis