pfSense: pfSense-SA-16_05.webgui: Arbitrary Code Execution
Severity | CVSS v2 vector | Published | Added | Modified
---|---|---|---|---
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | May 24, 2016 | Aug 25, 2017 | Feb 18, 2025
Description
Command-injection vulnerabilities exist in diag_smart.php and diag_routes.php.
These allow authenticated WebGUI users with privileges for diag_smart.php or
diag_routes.php to execute commands in the context of the root user.
A user on pfSense version 2.3.1 or earlier who has been granted limited access to
the pfSense web configurator GUI, including access to diag_smart.php and
diag_routes.php through the privileges "WebCfg - Diagnostics: S.M.A.R.T. Status"
and "WebCfg - Diagnostics: Routing Tables" respectively, could leverage these
vulnerabilities to gain increased privileges, read other files, execute
commands, or perform other alterations.
This does not change the exposure from admin-level users, since an
administrator already has deliberate means of running commands.
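The bug class above is a request value reaching a shell command line unescaped on a page that runs as root. The following is an added illustration of that pattern and its fix; it is not pfSense source code. The page names diag_smart.php and diag_routes.php come from the advisory, but the `smartctl` invocation, the parameter handling, the device allowlist and the helper names are hypothetical and only stand in for whatever the affected pages did. The script builds and prints command strings without executing anything, so it runs anywhere PHP is installed.

```php
<?php
// Added illustration for pfSense-SA-16_05.webgui; not pfSense source code.
// Hypothetical helpers: the real pages, parameter names and commands differ.

// Unsafe pattern: the request value is concatenated straight into the
// command line. A value such as "ada0; id" makes the shell run "id", and
// because the pfSense WebGUI runs as root, so does the injected command.
function build_unsafe(string $device): string
{
    return 'smartctl -a /dev/' . $device;
}

// Hardened pattern: reject anything outside a fixed allowlist, then quote
// the value with escapeshellarg() so the shell sees one literal word even
// if the allowlist is later relaxed. Both layers are needed; quoting alone
// still lets a user pick arbitrary paths, an allowlist alone is easy to
// loosen by accident.
function build_hardened(string $device, array $allowed): string
{
    if (!in_array($device, $allowed, true)) {
        throw new InvalidArgumentException('device not in allowlist: ' . $device);
    }
    return 'smartctl -a ' . escapeshellarg('/dev/' . $device);
}

// Constructed inputs: one legitimate device name and two injection attempts
// (shell metacharacter and embedded newline).
$allowed = ['ada0', 'ada1', 'da0'];
$inputs  = ['ada0', 'ada0; id', "ada0\n/bin/sh"];

foreach ($inputs as $value) {
    printf("input %s\n", json_encode($value));
    printf("  unsafe   : %s\n", build_unsafe($value));
    try {
        printf("  hardened : %s\n", build_hardened($value, $allowed));
    } catch (InvalidArgumentException $e) {
        printf("  hardened : rejected (%s)\n", $e->getMessage());
    }
}
```

When auditing a deployment rather than code, the practical check that follows from the advisory is the privilege list: any non-admin WebGUI account holding "WebCfg - Diagnostics: S.M.A.R.T. Status" or "WebCfg - Diagnostics: Routing Tables" on a version at or below 2.3.1 should be treated as having had root-equivalent command execution, not the limited diagnostic access the privilege name suggests.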
Solution
