← Retour aux CVEs
CVE-2020-5756
HIGH8.8
Description
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie7/17/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
grandstream:gwn7000grandstream:gwn7000_firmware
Faiblesses (CWE)
CWE-489CWE-78
References
https://www.tenable.com/security/research/tra-2020-41(vulnreport@tenable.com)
https://www.tenable.com/cve/CVE-2020-5756(nvd@nist.gov)
https://www.tenable.com/security/research/tra-2020-41(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.