First published: Wed Apr 29 2020(Updated: )
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Beeline Smart Box Firmware | =2.0.38 | |
Beeline Smart Box |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-12246 is considered critical with a CVSS score of 8.8.
Beeline Smart Box 2.0.38 routers are affected by CVE-2020-12246 through the "Advanced settings > Other > Diagnostics" feature.
CVE-2020-12246 is a vulnerability that allows OS command injection via the Ping, Nslookup, or Traceroute parameters in the "Advanced settings > Other > Diagnostics" feature of Beeline Smart Box 2.0.38 routers.
Beeline Smart Box firmware version 2.0.38 is affected by CVE-2020-12246.
To mitigate the vulnerability in Beeline Smart Box 2.0.38 routers, it is recommended to update the firmware to a version that is not affected.