Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21883
Reference (s):
- http://wifi-soft.com
- https://s3curityb3ast.github.io/KSA-Dev-009.txt
- https://www.mail-archive.com/[email protected]/msg07140.html