cvedb.io
CVE-2018-20487
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2019-04-11T21:29:00.797 · Last modified 2026-06-17T01:52:57.233

Summary

An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed.

Affected products

inteno — iopsys

Does this affect you?

Add your gear to cvedb and we'll alert you only when inteno ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.