Vulnerability Description
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amino | Ak45X Firmware | - |
| Amino | Ak45X | - |
| Amino | Ak5Xx Firmware | - |
| Amino | Ak5Xx | - |
| Amino | Ak65X Firmware | - |
| Amino | Ak65X | - |
| Amino | Aria6Xx Firmware | - |
| Amino | Aria6Xx | - |
| Amino | Aria7Xx Firmware | - |
| Amino | Aria7Xx | - |
| Amino | Kami7B Firmware | - |
| Amino | Kami7B | - |
Related Weaknesses (CWE)
References
- https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#4dbc (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-10209?
CVE-2020-10209 is a vulnerability with a CVSS score of 8.1 (HIGH). Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-t...
How severe is CVE-2020-10209?
CVE-2020-10209 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10209?
Check the references section above for vendor advisories and patch information. Affected products include: Amino Ak45X Firmware, Amino Ak45X, Amino Ak5Xx Firmware, Amino Ak5Xx, Amino Ak65X Firmware.