CVE-2017-11322
published 2017-10-03CVE-2017-11322: The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter…
PriorityP352high8.2CVSS 3.0
AVLACLPRHUINSCCHIHAH
EXPLOIT
EPSS
4.72%
90.7th percentile
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ucopia | express_wireless_appliance | <= 6.0.5 | — |
| ucopia | ucopia_wireless_appliance | <= 5.1.7 | — |
CVSS provenance
nvdv3.08.2HIGHCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3qgh-vv5w-v35w: UCOPIA Wi-Fi appliances 6
ghsa_unreviewed·2022-05-24·CVSS 8.2
CVE-2020-25035 [HIGH] GHSA-3qgh-vv5w-v35w: UCOPIA Wi-Fi appliances 6
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322.
GHSA
GHSA-6jhw-mv73-wjc2: The chroothole_client executable in UCOPIA Wireless Appliance before 5
ghsa_unreviewed·2022-05-13
CVE-2017-11322 [HIGH] CWE-78 GHSA-6jhw-mv73-wjc2: The chroothole_client executable in UCOPIA Wireless Appliance before 5
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
No detection rules found.
No writeups or analysis indexed.
https://sysdream.com/news/lab/2017-09-29-cve-2017-11322-ucopia-wireless-appliance-5-1-8-privileges-escalation/https://www.exploit-db.com/exploits/42936/https://sysdream.com/news/lab/2017-09-29-cve-2017-11322-ucopia-wireless-appliance-5-1-8-privileges-escalation/https://www.exploit-db.com/exploits/42936/
2017-10-03
Published