CVE-2020-10209
CVE-2020-10209 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. EPSS estimates a 2.75% chance of exploitation in the next 30 days.
Description
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Amino | Ak45x Firmware | All versions |
| Amino | Ak5xx Firmware | All versions |
| Amino | Ak65x Firmware | All versions |
| Amino | Aria6xx Firmware | All versions |
| Amino | Aria7xx Firmware | All versions |
| Amino | Kami7b Firmware | All versions |
References
- https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#4dbc (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
