An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are committed.
Add your gear to cvedb and we'll alert you only when inteno ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.