- Description
- Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-78
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schmid-telecom:zi_620_v400_firmware:090:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27B9E6E9-4A8A-4F2E-BA75-819B53E667A1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schmid-telecom:zi_620_v400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CA3628E4-BD24-4C13-A190-34EB1C5A985E"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]