Vulnerability Description
Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gpononu | 1Ge Router Wifi Onu V2801Rw Firmware | >= 1.9.1-181203, <= 2.9.0-181024 |
| Gpononu | 1Ge Router Wifi Onu V2801Rw | - |
| Gpononu | 1Ge\+3Fe\+Wifi Onu V2804Rgw Firmware | >= 1.9.1-181203, <= 2.9.0-181024 |
| Gpononu | 1Ge\+3Fe\+Wifi Onu V2804Rgw | - |
Related Weaknesses (CWE)
References
- https://github.com/qurbat/gponExploitThird Party Advisory
- https://www.gpononu.com/dual-mode-onu/1GE-Router-WiFi-ONU.htmlProduct
- https://www.gpononu.com/gpon-ont/4ge-epon-onu-v2804ew.htmlProduct
- https://www.karansaini.com/os-command-injection-v-sol/ExploitThird Party Advisory
- https://github.com/qurbat/gponExploitThird Party Advisory
- https://www.gpononu.com/dual-mode-onu/1GE-Router-WiFi-ONU.htmlProduct
- https://www.gpononu.com/gpon-ont/4ge-epon-onu-v2804ew.htmlProduct
- https://www.karansaini.com/os-command-injection-v-sol/ExploitThird Party Advisory
FAQ
What is CVE-2020-8958?
CVE-2020-8958 is a vulnerability with a CVSS score of 7.2 (HIGH). Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in t...
How severe is CVE-2020-8958?
CVE-2020-8958 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8958?
Check the references section above for vendor advisories and patch information. Affected products include: Gpononu 1Ge Router Wifi Onu V2801Rw Firmware, Gpononu 1Ge Router Wifi Onu V2801Rw, Gpononu 1Ge\+3Fe\+Wifi Onu V2804Rgw Firmware, Gpononu 1Ge\+3Fe\+Wifi Onu V2804Rgw.