Описание
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
Ссылки
- Not Applicable
- ExploitThird Party Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.9.4 (включая)
Одновременно
cpe:2.3:o:grandstream:gwn7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:grandstream:gwn7000:-:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01756
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-489
CWE-78
Связанные уязвимости
github
больше 3 лет назад
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
EPSS
Процентиль: 82%
0.01756
Низкий
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-489
CWE-78