CVE-2020-5739
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-01-06 CVE Reserved
- 2020-04-14 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.tenable.com/security/research/tra-2020-22 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Grandstream | Gxp1610 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1610 | - | - | Safe |
Grandstream | Gxp1615 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1615 | - | - | Safe |
Grandstream | Gxp1620 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1620 | - | - | Safe |
Grandstream | Gxp1625 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1625 | - | - | Safe |
Grandstream | Gxp1628 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1628 | - | - | Safe |
Grandstream | Gxp1630 Firmware | <= 1.0.4.152 | - | Affected | in | Grandstream | Gxp1630 | - | - | Safe |