CVE-2020-7357

Severity: CRITICAL | CVSS 9.9/10 | EPSS 33.87%

CVE-2020-7357 is a critical-severity vulnerability rated 9.9/10 on the CVSS scale. Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability that is reachable using default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter of the system.cgi page. EPSS estimates a 33.87% chance of exploitation in the next 30 days.

Description

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability that is reachable using default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter of the system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.

Metrics

CVSS 3.1: 9.9/10
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Probability: 33.87% (98.2nd percentile)
Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor     | Product              | Versions
-----------|----------------------|--------------
Cayintech  | Cms-Se Firmware      | 11.019179
Cayintech  | Cms-Se-Lxc Firmware  | All versions
Cayintech  | Cms-60 Firmware      | 11.019025
Cayintech  | Cms-40 Firmware      | 9.014197
Cayintech  | Cms-20 Firmware      | 9.014197
Cayintech  | Cms                  | 7.511175
Cayintech  | Cms                  | 8.011175
Cayintech  | Cms                  | 8.212199

References

Frequently Asked Questions

What is CVE-2020-7357?
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability that is reachable using default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter of the system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.
How severe is CVE-2020-7357?
CVE-2020-7357 has a CVSS score of 9.9/10 (CRITICAL severity). The EPSS model estimates a 33.87% probability of exploitation in the next 30 days.
How do I fix CVE-2020-7357?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST