Vulnerability in GoAhead could affect thousands of IoT devices
Researchers from the Australian firm Elttam have made public a vulnerability in the web server of GoAhead, a server that, due to its characteristics, is widely used in thousands of IoT devices, routers, printers and other network equipment. It is estimated that between 500,000 and 700,000 equipment could be affected worldwide.
The vulnerability in GoAhead could put these devices at risk by allowing remote code execution in all versions of the web server below 3.6.5,when the CGI support is enabled and a CGI program is dynamically linked, which is a usual configuration option.
The creators of this web server, EmbedThis Software, have reported the publication of a patch to provide a solution to this problem.
References
-
20/12/2017https://www.theregister.co.uk
-
28/12/2017http://unaaldia.hispasec.com
-
26/12/2018https://www.redeszone.net
Etiquetas
