Lucene search

[email protected]NVD:CVE-2020-8949

HistoryFeb 12, 2020 - 7:15 p.m.

CVE-2020-8949

2020-02-1219:15:14

CWE-78

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.095

Percentile

94.8%

JSON

Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.

Affected configurations

Nvd

Node

goclouds2a_wl_firmwareMatch4.2.7.16471

AND

goclouds2a_wlMatch-

Node

goclouds2a_firmwareMatch4.2.7.17278

goclouds2a_firmwareMatch4.3.0.15815

goclouds2a_firmwareMatch4.3.0.17193

AND

goclouds2aMatch-

Node

goclouds3a_k2p_mtk_firmwareMatch4.2.7.16528

AND

goclouds3a_k2p_mtkMatch-

Node

goclouds3a_firmwareMatch4.3.0.16572

AND

goclouds3aMatch-

Node

gocloudisp3000_firmwareMatch4.3.0.17190

AND

gocloudisp3000Match-

VendorProductVersionCPE
goclouds2a_wl_firmware4.2.7.16471cpe:2.3:o:gocloud:s2a_wl_firmware:4.2.7.16471:*:*:*:*:*:*:*
goclouds2a_wl-cpe:2.3:h:gocloud:s2a_wl:-:*:*:*:*:*:*:*
goclouds2a_firmware4.2.7.17278cpe:2.3:o:gocloud:s2a_firmware:4.2.7.17278:*:*:*:*:*:*:*
goclouds2a_firmware4.3.0.15815cpe:2.3:o:gocloud:s2a_firmware:4.3.0.15815:*:*:*:*:*:*:*
goclouds2a_firmware4.3.0.17193cpe:2.3:o:gocloud:s2a_firmware:4.3.0.17193:*:*:*:*:*:*:*
goclouds2a-cpe:2.3:h:gocloud:s2a:-:*:*:*:*:*:*:*
goclouds3a_k2p_mtk_firmware4.2.7.16528cpe:2.3:o:gocloud:s3a_k2p_mtk_firmware:4.2.7.16528:*:*:*:*:*:*:*
goclouds3a_k2p_mtk-cpe:2.3:h:gocloud:s3a_k2p_mtk:-:*:*:*:*:*:*:*
goclouds3a_firmware4.3.0.16572cpe:2.3:o:gocloud:s3a_firmware:4.3.0.16572:*:*:*:*:*:*:*
goclouds3a-cpe:2.3:h:gocloud:s3a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gocloud	s2a_wl_firmware	4.2.7.16471	cpe:2.3:o:gocloud:s2a_wl_firmware:4.2.7.16471:::::::*
gocloud	s2a_wl	-	cpe:2.3:h:gocloud:s2a_wl:-:::::::*
gocloud	s2a_firmware	4.2.7.17278	cpe:2.3:o:gocloud:s2a_firmware:4.2.7.17278:::::::*
gocloud	s2a_firmware	4.3.0.15815	cpe:2.3:o:gocloud:s2a_firmware:4.3.0.15815:::::::*
gocloud	s2a_firmware	4.3.0.17193	cpe:2.3:o:gocloud:s2a_firmware:4.3.0.17193:::::::*
gocloud	s2a	-	cpe:2.3:h:gocloud:s2a:-:::::::*
gocloud	s3a_k2p_mtk_firmware	4.2.7.16528	cpe:2.3:o:gocloud:s3a_k2p_mtk_firmware:4.2.7.16528:::::::*
gocloud	s3a_k2p_mtk	-	cpe:2.3:h:gocloud:s3a_k2p_mtk:-:::::::*
gocloud	s3a_firmware	4.3.0.16572	cpe:2.3:o:gocloud:s3a_firmware:4.3.0.16572:::::::*
gocloud	s3a	-	cpe:2.3:h:gocloud:s3a:-:::::::*

Rows per page:

1-10 of 121

References

sku11army.blogspot.com/2020/02/gocloud-rce-in-gocloud-routers.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.095

Percentile

94.8%

JSON

Related for NVD:CVE-2020-8949

prion1 cvelist1 cve1