CVE-2020-8007

{"id": "CVE-2020-8007", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-08T05:15:05.300", "references": [{"url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/fulldisclosure/2024/Mar/33", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip."}, {"lang": "es", "value": "La aplicaci\u00f3n web pwrstudio de EV Charger (en el servidor de Circontrol Raption hasta 5.6.2) es vulnerable a la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de tres campos del men\u00fa de configuraci\u00f3n para ntpserver0, ntpserver1 y pingip."}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "cve@mitre.org"}