How severe is CVE-2020-7357?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2020-7357?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2020-7357

CRITICAL Year: 2020

CVSS v3 Score

9.9

Critical

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-78

View all →

Vulnerability Description

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.

CVE-2017-1253

CRITICAL

CVSS:9.9(Critical)

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability...

CWE-782017

CVE-2017-2866

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP req...

CWE-782017

CVE-2017-2890

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attac...

CWE-782017

CVE-2017-2917

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker ca...

CWE-782017

CVE-2017-7175

CRITICAL

CVSS:9.9(Critical)

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

CWE-782017

CVE-2017-8220

CRITICAL

CVSS:9.9(Critical)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...

CWE-782017

CVE-2020-7357

Vulnerability Description

Related Vulnerabilities

CVE-2017-1253

CVE-2017-2866

CVE-2017-2890

CVE-2017-2917

CVE-2017-7175

CVE-2017-8220