Command Injection Vulnerability in Sierra Wireless MGOS Products
CVE-2020-13712

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 20 December 2024

What is CVE-2020-13712?

CVE-2020-13712 is a high-severity command injection vulnerability in Sierra Wireless MGOS products. The flaw allows unauthorized users to execute arbitrary commands with root privileges via the user interface. The affected devices include oMG2000 running MGOS version 3.15.1 or earlier and MG90 running MGOS version 4.2.1 or earlier. Because the injected commands run as root, successful exploitation can lead to full system compromise. Users of these products are strongly advised to apply security updates immediately to mitigate this risk.

Affected Version(s)

MGOS MG90 all versions before 4.2.1

MGOS oMG2000 all versions before 3.15.1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
