Fortinet Discovers Cerio Routers Remote Code Execution Vulnerability
Fortinet's FortiGuard Labs has discovered a remote code execution vulnerability in some routers shipped by the company Cerio.
Cerio manufactures a series of network routers directly competing with Asus and Linksys routers.
A malicious authenticated user can forge a HTTP request to inject operating system commands that can be executed on the device with higher privileges.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Oct 29, 2018
Currently we are unaware of any vendor supplied patch or updates available for this issue.
This vulnerability was discovered by David Maciejak of Fortinet's FortiGuard Labs.