CVE-2020-5756
 
- Severity Score: 8.8 (CVSS v3.1)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
*Credits:
N/A
Timeline
- 2020-01-06 CVE Reserved
- 2020-07-17 CVE Published
- 2020-07-22 First Exploit
- 2024-08-04 CVE Updated
- 2024-08-26 EPSS Updated
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-489: Active Debug Code
References (2)
URL | Tag | Source |
---|---|---|
https://www.tenable.com/security/research/tra-2020-41 | Not Applicable |
URL | Date | SRC |
---|---|---|
https://www.tenable.com/cve/CVE-2020-5756 | 2020-07-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Grandstream | Gwn7000 Firmware | <= 1.0.9.4 | - | Affected |
in Grandstream | Gwn7000 | - | - | Safe |