1. Home
  2. CVE Database
  3. CVE-2020-7357
CRITICAL · 9.6

CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user t...

Vulnerability Description

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CayintechCms-Se Firmware11.0
CayintechCms-Se-
CayintechCms-Se-Lxc Firmware-
CayintechCms-Se-Lxc-
CayintechCms-60 Firmware11.0
CayintechCms-60-
CayintechCms-40 Firmware9.0
CayintechCms-40-
CayintechCms-20 Firmware9.0
CayintechCms-20-
CayintechCms7.5

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2020-7357?

CVE-2020-7357 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user t...

How severe is CVE-2020-7357?

CVE-2020-7357 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-7357?

Check the references section above for vendor advisories and patch information. Affected products include: Cayintech Cms-Se Firmware, Cayintech Cms-Se, Cayintech Cms-Se-Lxc Firmware, Cayintech Cms-Se-Lxc, Cayintech Cms-60 Firmware.