I. VULNERABILITY
-------------------------
Riello UPS systems allow to easily escape the configuration shell and get access to the operating system

II. VENDOR
-------------------------
Riello (https://www.riello-ups.es/)

III. DESCRIPTION
-------------------------
Riello UPS systems allow SSH access to configure the device, sometimes with the default credentials "admin:admin".

Using the "-t bash" or "-t /bin/bash" paramters it is possible to escape the restricted shell and get access to the operating system:

ssh admin@x.x.x.x -t bash