Vulnerability Details CVE-2020-12246
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.163
EPSS Ranking 94.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://medium.com/%40Pavel.Step/security-analysis-of-the-smart-box-router-932f86dc8a9e
- https://yadi.sk/i/YdfXr-ofAN2ZWA
- https://yadi.sk/i/iIUCJVaGEuSaAw
- https://yadi.sk/i/jXV87yn4ZJfSHA
- https://medium.com/%40Pavel.Step/security-analysis-of-the-smart-box-router-932f86dc8a9e
- https://yadi.sk/i/YdfXr-ofAN2ZWA
- https://yadi.sk/i/iIUCJVaGEuSaAw
- https://yadi.sk/i/jXV87yn4ZJfSHA
Products affected by CVE-2020-12246
-
cpe:2.3:h:beeline:smart_box:-
-
cpe:2.3:o:beeline:smart_box_firmware:2.0.38