
Vulnerability Details CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Products affected by CVE-2020-14414
  • Nedi » Nedi » Version: 1.9c
    cpe:2.3:a:nedi:nedi:1.9c

