CVE-2020-7357

Published: 06/08/2020 Updated: 27/07/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Cayin CMS suffers from an authenticated, semi-blind OS command injection vulnerability that can be reached using default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in the system.cgi page. This issue affects several branches and versions of the CMS application, including CMS-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.

Vulnerable Product

cayintech cms-se_firmware 11.0

cayintech cms-se-lxc_firmware -

cayintech cms-60_firmware 11.0

cayintech cms-40_firmware 9.0

cayintech cms-20_firmware 9.0

cayintech cms 7.5

cayintech cms 8.0

cayintech cms 8.2