CVE-2020-7242

Name of the Vulnerable Software and Affected Versions Comtech Stampede FX-1010 version 7.4.3

Description The issue allows remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password for the comtech account.

Recommendations For Comtech Stampede FX-1010 version 7.4.3, consider restricting access to the Diagnostics Trace Route page to minimize the risk of exploitation. As a temporary workaround, avoid entering shell metacharacters in the Target IP address field until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.