Full Report
A authenticated attacker can execute arbitrary code using command ejection.
Analysis Summary
# Vulnerability: Eltex ESR-200 Router Command Injection
## CVE Details
- CVE ID: CVE-2018-15356
- CVSS Score: 7.1 (High) (Based on CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
- CWE: Command Injection (Implied by description)
## Affected Systems
- Products: Eltex ESR-200 Router
- Versions: Firmware version 1.2.0
- Configurations: Requires authenticated access.
## Vulnerability Description
An authenticated attacker can exploit this vulnerability to execute arbitrary operating system commands on the affected device via command injection flaws present in the firmware's insecure handling of user input.
## Exploitation
- Status: Existence of exploit Unknown
- Complexity: Low
- Attack Vector: Network (Requires authentication)
## Impact
- Confidentiality: Low
- Integrity: Low
- Availability: Low
## Remediation
### Patches
- Update firmware to version **1.3.0** or later.
### Workarounds
- No specific workarounds are explicitly detailed other than applying the patch. Secure baseline configuration and strict management of authenticated user access are generally recommended.
## Detection
- **Indicators of compromise:** Unexpected system processes executing, unusual outbound network traffic originating from the router, or configuration changes not initiated by an administrator.
- **Detection methods and tools:** Network monitoring looking for payloads indicative of command injection attempts against devices hosting Eltex firmware versions prior to 1.3.0.
## References
- Vendor advisory (Implied by KLCERT-012 publication): ics-cert.kaspersky.com/advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/ (Defanged in context)