CVE-2020-24365

An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html	Exploit Third Party Advisory VDB Entry
https://pastebin.com/QTev1TjM	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gemteks:wrtm-127acn_firmware:01.01.02.141:*:*:*:*:*:*:*

cpe:2.3:h:gemteks:wrtm-127acn:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:gemteks:wrtm-127x9_firmware:01.01.02.127:*:*:*:*:*:*:*

cpe:2.3:h:gemteks:wrtm-127x9:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-24 15:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-24365

Mitre link : CVE-2020-24365

CVE.ORG link : CVE-2020-24365

JSON object : View

Products Affected

gemteks

wrtm-127x9_firmware
wrtm-127x9
wrtm-127acn_firmware
wrtm-127acn

CWE

CWE-1188

Insecure Default Initialization of Resource

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2020-24365", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-09-24T15:15:14.437", "references": [{"url": "http://packetstormsecurity.com/files/160136/Gemtek-WVRTM-127ACN-01.01.02.141-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://pastebin.com/QTev1TjM", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}, {"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)"}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Gemtek WRTM-127ACN versiones 01.01.02.141 y WRTM-127x9 versi\u00f3n 01.01.02.127. La p\u00e1gina de red Monitor Diagnostic permite a un atacante autenticado ejecutar un comando directamente sobre la m\u00e1quina de destino. Los comandos son ejecutados como usuario root (uid 0). (Incluso si es requerido un inicio de sesi\u00f3n, la mayor\u00eda de los enrutadores se quedan con las credenciales predeterminadas)."}], "lastModified": "2022-04-28T18:21:15.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gemteks:wrtm-127acn_firmware:01.01.02.141:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55DAF1BC-EDA7-402C-8E88-9CB81E23BC98"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gemteks:wrtm-127acn:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77E024A3-E6EE-4B24-AE38-DACDE17E131C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gemteks:wrtm-127x9_firmware:01.01.02.127:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4182FD-9E29-4EB6-828E-0289A404F90B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gemteks:wrtm-127x9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD01AD81-386B-4EE1-91FF-134495D46969"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}