exploitDog

CVE-2019-20488

Опубликовано: 02 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.

Ссылки

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/
Exploit
Third Party Advisory
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/the-netgear-wnr1000v4-round-2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netgear:wnr1000_firmware:1.1.0.54:*:*:*:*:*:*:*

cpe:2.3:h:netgear:wnr1000:4:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05092

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-rxp5-r45j-vr8c

github

больше 3 лет назад

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.

EPSS

Процентиль: 90%

0.05092

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78