CVE-2020-8797
Published Apr 23, 2020
Last updated 3 years ago
Overview
- Description
- Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6.9
- Impact score
- 10
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]