CTEK.SkyRouter.Arbitrary.Command.Execution

Release Date Jan 05, 2012
Severity high
Impact System Compromise: Remote attackers can gain control of vulnerable systems
Description This indicates an attack attempt against a Remote Code Execution vulnerability in CTEK SkyRouter 4200 and 4300. This is due tp how the filters for user inputs fail to properly sanitize the parameter value that is passed to "cfg_ethping.cgi". An attacker may include shell commands by supplying an injection string through the URL.
Affected Products CTEK SkyRouter 4200 and 4300
Recommended Actions Currently we are not aware of any vendor supplied patches for this issue.
Coverage IPS VCM
Reference/s http://dev.metasploit.com/redmine/issues/5610

Fortinet