CVE-2020-7243

Name of the Vulnerable Software and Affected Versions Comtech Stampede FX-1010 version 7.4.3

Description The issue allows remote authenticated administrators to achieve remote code execution by navigating to the "Fetch URL" page and entering shell metacharacters in the URL field. In some cases, authentication can be achieved with the comtech password for the comtech account.

Recommendations For Comtech Stampede FX-1010 version 7.4.3, as a temporary workaround, consider restricting access to the Fetch URL page until a patch is available. Avoid entering shell metacharacters in the URL field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.