| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| | REX 200/250 | < 7.3.0 |
| | REX 300 | <= 5.1.11 |

An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX 200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system compromise.
A high-privileged remote attacker can execute arbitrary OS commands by using an undocumented method that allows escaping the implemented LUA sandbox.
This vulnerability allows an authenticated remote attacker to fully compromise the system by executing arbitrary OS commands.
Remediation
Update REX 200/250 to at least version 7.3.0.
Note: REX 300 is EOL and will not receive any further updates.
CERT@VDE coordinated with Helmholz GmbH & Co. KG
Thanks to Marcel Rick-Cen for reporting.