CVE-2018-20162

9.9 CRITICAL

📋 TL;DR

CVE-2018-20162 is an improper input validation vulnerability in Digi TransPort LR54 devices that allows users with 'super' CLI access privileges to escape the restricted shell and execute arbitrary commands as root. This affects devices running firmware version 4.4.0.26 and likely earlier versions. The vulnerability enables privilege escalation from limited administrative access to full root control.

💻 Affected Systems

Products:
  • Digi TransPort LR54
Versions: 4.4.0.26 and earlier
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires 'super' CLI access privilege level to exploit; standard user accounts are not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with 'super' CLI access gains full root privileges, enabling complete device compromise, configuration modification, data exfiltration, and use as a pivot point into the network.

🟠

Likely Case

Malicious insiders or compromised 'super' user accounts escalate privileges to root, allowing them to install backdoors, modify network settings, or disrupt operations.

🟢

If Mitigated

With proper access controls and monitoring, exploitation would be detected and contained, limiting impact to isolated device compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated 'super' CLI access; public proof-of-concept demonstrates shell escape techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.0.27 or later

Vendor Advisory: https://www.digi.com/resources/security

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Digi support portal.
2. Back up the current configuration.
3. Upload and install the firmware update via the web interface or CLI.
4. Reboot the device.
5. Verify the firmware version.

🔧 Temporary Workarounds

Restrict CLI Access

Applies to: all

Limit 'super' CLI access to only necessary personnel and implement strong authentication.

Network Segmentation

Applies to: all

Isolate Digi devices in separate network segments to limit lateral movement if compromised.

🧯 If You Can't Patch

  • Implement strict access controls for 'super' CLI accounts with multi-factor authentication.
  • Monitor CLI sessions and command execution for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > About) or CLI 'show version' command; versions 4.4.0.26 or earlier are vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify that the firmware version is 4.4.0.27 or later; when tested, attempts to escape the restricted shell should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI session activity from 'super' users
  • Execution of commands outside restricted shell
  • Failed authentication attempts followed by successful 'super' login

Network Indicators:

  • Unexpected outbound connections from Digi device
  • Anomalous network configuration changes

SIEM Query:

source="digi-logs" AND (event="cli_session" AND user="super") AND command="*"
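As an added illustration (not taken from this page's source or from Digi), the log indicators above turned into a small detection routine run over constructed log lines. The log format, the field names, and the allow-list of commands the restricted shell accepts are assumptions, since the page does not document the LR54's logging format.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical format (one event per
# line): <ts> user=<name> event=<auth_ok|auth_fail|cli_cmd> [cmd="..."]
SAMPLE_LOGS = """\
10:00:01 user=super event=auth_fail
10:00:04 user=super event=auth_fail
10:00:09 user=super event=auth_ok
10:00:15 user=super event=cli_cmd cmd="show version"
10:00:20 user=super event=cli_cmd cmd="sh"
10:00:25 user=super event=cli_cmd cmd="/bin/ls /etc"
10:01:00 user=operator event=cli_cmd cmd="show version"
"""

LINE_RE = re.compile(r'^(\S+) user=(\S+) event=(\S+)(?: cmd="([^"]*)")?')

# Hypothetical allow-list: command words the restricted shell is expected
# to accept. Anything else issued from a 'super' session is flagged as
# "execution of commands outside the restricted shell".
RESTRICTED_SHELL_CMDS = {"show", "config", "exit", "help", "reboot"}

def analyze(log_text, privileged_user="super", fail_threshold=2):
    """Return (timestamp, user, reason) alerts for two page indicators:
    - 'super' CLI commands outside the restricted-shell vocabulary
    - failed authentication attempts followed by a successful 'super' login
    """
    alerts = []
    fails = defaultdict(int)        # consecutive auth failures per user
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines that do not fit the format
        ts, user, event, cmd = m.groups()
        if event == "auth_fail":
            fails[user] += 1
        elif event == "auth_ok":
            if user == privileged_user and fails[user] >= fail_threshold:
                alerts.append((ts, user, "failed_logins_then_super_login"))
            fails[user] = 0         # a successful login resets the counter
        elif event == "cli_cmd" and user == privileged_user:
            first_word = cmd.split()[0] if cmd else ""
            if first_word not in RESTRICTED_SHELL_CMDS:
                alerts.append((ts, user, f"non_restricted_cmd:{cmd}"))
    return alerts
```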
