PT-2020-14866 · Rangeeos · Rangeeos

Published

2020-08-20

Updated

2021-07-21

CVE-2020-16279

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RangeeOS version 8.0.4

Description The issue arises from the Kommbox component's failure to sanitize untrusted user-supplied input before passing it to the command line, leading to Remote Code Execution.

Recommendations For RangeeOS version 8.0.4, ensure that all user input is properly sanitized before it is passed to the command line to prevent Remote Code Execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-16279

Affected Products

Rangeeos

PT-2020-14866 · Rangeeos · Rangeeos

CVE-2020-16279

Weakness Enumeration

Related Identifiers

Affected Products

References · 3