CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.579

EPSS Ranking 98.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://www.exploit-db.com/exploits/48142
https://www.exploit-db.com/exploits/48142

Products affected by CVE-2020-10173

Comtrend » Vr-3033 » Version: N/A

cpe:2.3:h:comtrend:vr-3033:-
Comtrend » Vr-3033 Firmware » Version: de11-416ssg-c01_r02.a2pvi042j1.d26m

cpe:2.3:o:comtrend:vr-3033_firmware:de11-416ssg-c01_r02.a2pvi042j1.d26m

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-10173

Products

Pricing

Contact Us