Zero-Day Advisory
Fortinet Discovers Cerio Routers Remote Code Execution Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a remote code execution vulnerability in some routers shipped by the company Cerio.
Cerio manufactures a series of network routers directly competing with Asus and Linksys routers.
A malicious authenticated user can forge a HTTP request to inject operating system commands that can be executed on the device with higher privileges.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Cerio.Save.CGI.POST.Remote.Code.Execution
Released Oct 29, 2018
Currently we are unaware of any vendor supplied patch or updates available for this issue.
Acknowledgement
This vulnerability was discovered by David Maciejak of Fortinet's FortiGuard Labs.