Remote Command Execution Vulnerability in Grandstream GWN7000 Router
CVE-2020-5756

8.8HIGH

Key Information:

Vendor: Tenable
Status: Grandstream Gwn7000
Vendor: CVE Published:; 17 July 2020

What is CVE-2020-5756?

The Grandstream GWN7000 router, specifically firmware versions up to 1.0.9.4, is exposed to a remote command execution vulnerability that allows authenticated users to manipulate the system's crontab through undocumented APIs. This flaw could enable an attacker to execute arbitrary OS commands, posing significant risks to network security and device integrity.

Affected Version(s)

Grandstream GWN7000 Versions 1.0.9.4 and below

References

https://www.tenable.com/security/research/tra-2020-41

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2020
Vulnerability Reserved
Jan 6, 2020

JSON

Tenable

What is CVE-2020-5756?

Affected Version(s)

References

CVSS V3.1

Timeline