CVE-2020-5738

High

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a…

tenable·CWE-59·Published 2020-04-14

CVSS

8.8

EPSS

0.05

KEV

Exploits

cve.orgen

211 chars

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

NVDen

211 chars

NVDes

241 chars

La serie Grandstream GXP1600 versión de firmware 1.0.4.152 y posteriores, es vulnerable a una ejecución de comandos remota autenticada cuando un atacante carga un archivo tar especialmente diseñado en la interfaz HTTP /cgi-bin/upload_vpntar.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	9.0	8.0	10.0	AV:N/AC:L/Au:S/C:C/I:C/A:C
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H