Vulnerability Description
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | Gxp1610 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1610 | - |
| Grandstream | Gxp1615 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1615 | - |
| Grandstream | Gxp1620 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1620 | - |
| Grandstream | Gxp1625 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1625 | - |
| Grandstream | Gxp1628 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1628 | - |
| Grandstream | Gxp1630 Firmware | <= 1.0.4.152 |
| Grandstream | Gxp1630 | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2020-22ExploitVendor Advisory
- https://www.tenable.com/security/research/tra-2020-22ExploitVendor Advisory
FAQ
What is CVE-2020-5739?
CVE-2020-5739 is a vulnerability with a CVSS score of 8.8 (HIGH). Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Addition...
How severe is CVE-2020-5739?
CVE-2020-5739 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5739?
Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Gxp1610 Firmware, Grandstream Gxp1610, Grandstream Gxp1615 Firmware, Grandstream Gxp1615, Grandstream Gxp1620 Firmware.