ID

VAR-202007-1329


CVE

CVE-2020-5756


TITLE

OS command injection vulnerability in Grandstream GWN7000 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-008264

DESCRIPTION

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. An OS command injection vulnerability exists in the Grandstream GWN7000 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Grandstream GWN7000 is an enterprise-class multi-WAN gigabit VPN router.

Trust: 2.16

sources: NVD: CVE-2020-5756 // JVNDB: JVNDB-2020-008264 // CNVD: CNVD-2020-44350

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-44350

AFFECTED PRODUCTS

vendor: grandstream, model: gwn7000, scope: lte, version: 1.0.9.4

Trust: 1.0

vendor: grandstream, model: gwn7000, scope: eq, version: 1.0.9.4

Trust: 0.8

vendor: grandstream, model: gwn7000, scope: lte, version: <=1.0.9.4

Trust: 0.6

sources: CNVD: CNVD-2020-44350 // JVNDB: JVNDB-2020-008264 // NVD: CVE-2020-5756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5756
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008264
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-44350
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1286
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5756
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008264
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-44350
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5756
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008264
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-44350 // JVNDB: JVNDB-2020-008264 // CNNVD: CNNVD-202007-1286 // NVD: CVE-2020-5756

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-489

Trust: 1.0

sources: JVNDB: JVNDB-2020-008264 // NVD: CVE-2020-5756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1286

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1286

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008264

PATCH

title: GWN7000, url: http://www.grandstream.com/products/networking-solutions/gigabit-routers/product/gwn7000

Trust: 0.8

sources: JVNDB: JVNDB-2020-008264

EXTERNAL IDS

db: NVD, id: CVE-2020-5756

Trust: 3.0

db: TENABLE, id: TRA-2020-41

Trust: 1.6

db: JVNDB, id: JVNDB-2020-008264

Trust: 0.8

db: CNVD, id: CNVD-2020-44350

Trust: 0.6

db: NSFOCUS, id: 47954

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1286

Trust: 0.6

sources: CNVD: CNVD-2020-44350 // JVNDB: JVNDB-2020-008264 // CNNVD: CNNVD-202007-1286 // NVD: CVE-2020-5756

REFERENCES

url:https://www.tenable.com/cve/cve-2020-5756

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-5756

Trust: 2.0

url:https://www.tenable.com/security/research/tra-2020-41

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5756

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47954

Trust: 0.6

sources: CNVD: CNVD-2020-44350 // JVNDB: JVNDB-2020-008264 // CNNVD: CNNVD-202007-1286 // NVD: CVE-2020-5756

SOURCES

db: CNVD, id: CNVD-2020-44350
db: JVNDB, id: JVNDB-2020-008264
db: CNNVD, id: CNNVD-202007-1286
db: NVD, id: CVE-2020-5756

LAST UPDATE DATE

2024-11-23T22:21:04.643000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-44350, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008264, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1286, date: 2020-08-21T00:00:00
db: NVD, id: CVE-2020-5756, date: 2024-11-21T05:34:32.783

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-44350, date: 2020-08-05T00:00:00
db: JVNDB, id: JVNDB-2020-008264, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1286, date: 2020-07-17T00:00:00
db: NVD, id: CVE-2020-5756, date: 2020-07-17T21:15:13.607