I. VULNERABILITY
-------------------------
Riello UPS systems allow to easily escape the configuration shell and get access to the operating system
II. VENDOR
---------
I. VULNERABILITY
-------------------------
Riello UPS systems allow to easily escape the configuration shell and get access to the operating system
II. VENDOR
-------------------------
Riello (https://www.riello-ups.es/)
III. DESCRIPTION
-------------------------
Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".
Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:
ssh admin@x.x.x.x -t bash