PT-2020-19571 · Cayin · Cayin Cms-60+4

Gjoko Krstic · Published 2020-08-06 · Updated 2024-08-20 · CVE-2020-7357

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cayin CMS versions 7.5 through 8.2
Cayin CME-SE (affected versions not specified)
Cayin CMS-60 (affected versions not specified)
Cayin CMS-40 (affected versions not specified)
Cayin CMS-20 (affected versions not specified)
Description

The issue is an authenticated, semi-blind OS command injection vulnerability that can be exploited using default credentials. It allows the injection and execution of arbitrary shell commands as the root user through the NTP Server IP HTTP POST parameter of the system.cgi page.
Recommendations

For Cayin CMS versions 7.5 through 8.2, consider disabling the NTP Server IP parameter in the system.cgi page as a temporary workaround until a patch is available.
For Cayin CME-SE, CMS-60, CMS-40, and CMS-20, restrict access to the system.cgi page to minimize the risk of exploitation, as the affected versions are not specified.
Avoid using the NTP Server IP parameter in the system.cgi page until the issue is resolved.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2020-7357

Affected Products

Cayin Cme-Se
Cayin Cms
Cayin Cms-20
Cayin Cms-40
Cayin Cms-60