exploitDog

CVE-2020-23583

Опубликовано: 23 нояб. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.

Ссылки

https://github.com/huzaifahussain98/CVE-2020-23583
Third Party Advisory
https://github.com/huzaifahussain98/CVE-2020-23583
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:optilinknetwork:op-xt71000n_firmware:3.3.1-191028:*:*:*:*:*:*:*

cpe:2.3:h:optilinknetwork:op-xt71000n:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05893

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77

Связанные уязвимости

GHSA-xvqh-5m2j-7624

CVSS3: 9.8

github

почти 3 года назад

OPTILINK OP-XT71000N V2.2 is vulnerable to Remote Code Execution. The issue occurs when the attacker sends an arbitrary code on "/diag_ping_admin.asp" to "PingTest" interface that leads to COMMAND EXECUTION. An attacker can successfully trigger the COMMAND and can compromise full system.

EPSS

Процентиль: 90%

0.05893

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-77