CVE-2020-5179

Name of the Vulnerable Software and Affected Versions Comtech Stampede FX-1010 version 7.4.3

Description The issue allows remote authenticated administrators to execute arbitrary OS commands. This can be achieved by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password for the comtech account.

Recommendations For Comtech Stampede FX-1010 version 7.4.3, as a temporary workaround, consider restricting access to the Diagnostics Ping page until a patch is available. Avoid using shell metacharacters in the Target IP address field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.