PT-2024-10780 · Mg90+1 · Mg90+1
Published
2024-12-20
·
Updated
2024-12-26
·
CVE-2020-13712
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
oMG2000 versions 3.15.1 and earlier
MG90 versions 4.2.1 and earlier
Description
A command injection is possible through the user interface, allowing arbitrary command execution as the root user.
Recommendations
For oMG2000 versions 3.15.1 and earlier, update to a version later than 3.15.1 to resolve the issue.
For MG90 versions 4.2.1 and earlier, update to a version later than 4.2.1 to resolve the issue.
As a temporary workaround, consider restricting access to the user interface to minimize the risk of exploitation.
Fix
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mg90
Omg2000