CVE-2020-8797: OS Command Injection
First published: Thu Apr 23 2020(Updated: )
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juplink RX4-1500 Firmware | =1.0.3 | |
| Juplink RX4-1500 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-8797?
The severity of CVE-2020-8797 is medium with a score of 6.7.
How can remote attackers gain root access through CVE-2020-8797?
Remote attackers can gain root access to the Linux subsystem by exploiting an unsanitized exec call (aka Command Line Injection) if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
What is the affected software of CVE-2020-8797?
The affected software of CVE-2020-8797 is Juplink RX4-1500 v1.0.3.
How can I fix CVE-2020-8797?
To fix CVE-2020-8797, it is recommended to update the Juplink RX4-1500 firmware to a version that addresses the vulnerability.
What is the CWE of CVE-2020-8797?
The CWE of CVE-2020-8797 is CWE-78 (Improper Neutralization of Special Elements used in an OS Command).
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juplink
- canonical/juplink rx4-1500 firmware
- version/juplink rx4-1500 firmware/1.0.3