9
CVE-2020-8949
- EPSS 3.78%
- Veröffentlicht 12.02.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:39:43
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginGocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gocloud ≫ S2a Wl Firmware Version4.2.7.16471
Gocloud ≫ S2a Firmware Version4.2.7.17278
Gocloud ≫ S2a Firmware Version4.3.0.15815
Gocloud ≫ S2a Firmware Version4.3.0.17193
Gocloud ≫ S3a K2p Mtk Firmware Version4.2.7.16528
Gocloud ≫ S3a Firmware Version4.3.0.16572
Gocloud ≫ Isp3000 Firmware Version4.3.0.17190
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.78% | 0.876 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.