PT-2020-20286 · Linux+1 · Linux+1

Published

2020-04-23

Updated

2021-07-21

CVE-2020-8797

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Juplink RX4-1500 version 1.0.3

Description The issue allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call, also known as Command Line Injection. This can occur if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.

Recommendations For Juplink RX4-1500 version 1.0.3, consider disabling the undocumented telnetd service to minimize the risk of exploitation. Additionally, restrict admin authentication from the local network to reduce the attack surface. As a temporary workaround, avoid using the exec call until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-8797

Affected Products

Juplink Rx4-1500

Linux

PT-2020-20286 · Linux+1 · Linux+1

CVE-2020-8797

Weakness Enumeration

Related Identifiers

Affected Products

References · 4