CVE-2020-9027: Command Injection
First published: Mon Feb 17 2020(Updated: )
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eltex-co Ntp-2 | =3.25.1.1226 | |
| NTP | =1v5\-b\+10 | |
| Eltex-co Ntp-rg-1402g | =3.25.3.32 | |
| Eltex-co Ntp-rg-1402g Firmware | =1v10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-9027?
The severity of CVE-2020-9027 is rated as critical with a score of 9.8.
How do ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection?
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd.
Which field of the ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices is vulnerable to command injection?
The TRACE field of the resource ping.cmd on ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices is vulnerable to OS command injection.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/eltex-co
- canonical/eltex-co ntp-2
- version/eltex-co ntp-2/3.25.1.1226
- canonical/ntp
- version/ntp/1v5\-b\+10
- canonical/eltex-co ntp-rg-1402g
- version/eltex-co ntp-rg-1402g/3.25.3.32
- canonical/eltex-co ntp-rg-1402g firmware
- version/eltex-co ntp-rg-1402g firmware/1v10