CVE-2020-7357

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cayintech:cms-se_firmware:11.0:19179:*:*:*:*:*:*
cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cayintech:cms-se_firmware:11.0:19025:*:*:*:*:*:*
cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cayintech:cms-se_firmware:11.0:18325:*:*:*:*:*:*
cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cayintech:cms-se-lxc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-se-lxc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:cayintech:cms-60_firmware:11.0:19025:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-60:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:cayintech:cms-40_firmware:9.0:14197:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-40:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:cayintech:cms-40_firmware:9.0:14199:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-40:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:cayintech:cms-40_firmware:9.0:14093:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-40:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:cayintech:cms-20_firmware:9.0:14197:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-20:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:cayintech:cms-20_firmware:9.0:14092:*:*:*:*:*:*
cpe:2.3:h:cayintech:cms-20:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR cpe:2.3:o:cayintech:cms:7.5:11175:*:*:*:*:*:*
cpe:2.3:o:cayintech:cms:8.0:11175:*:*:*:*:*:*
cpe:2.3:o:cayintech:cms:8.2:12199:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
CVSS v2 : 9.0
v3 : 9.9
v2 : 9.0
v3 : 9.6
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 - Third Party Advisory, VDB Entry
References () https://github.com/rapid7/metasploit-framework/pull/13607 - Exploit, Patch () https://github.com/rapid7/metasploit-framework/pull/13607 - Exploit, Patch
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php - Exploit, Third Party Advisory () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php - Exploit, Third Party Advisory

20 Aug 2024, 11:54

Type Values Removed Values Added
CPE cpe:2.3:h:cayintech:cms-se:-:*:*:*:*:*:*:* cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*

27 Jul 2023, 13:31

Type Values Removed Values Added
References (IBM) https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 - VDB Entry, Vendor Advisory (IBM) https://exchange.xforce.ibmcloud.com/vulnerabilities/182925 - Third Party Advisory, VDB Entry
References (MISC) https://github.com/rapid7/metasploit-framework/pull/13607 - Patch, Third Party Advisory (MISC) https://github.com/rapid7/metasploit-framework/pull/13607 - Exploit, Patch

Information

Published : 2020-08-06 16:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7357

Mitre link : CVE-2020-7357

CVE.ORG link : CVE-2020-7357


JSON object : View

Products Affected

cayintech

  • cms-se
  • cms-60_firmware
  • cms
  • cms-60
  • cms-se_firmware
  • cms-se-lxc_firmware
  • cms-40
  • cms-20_firmware
  • cms-40_firmware
  • cms-se-lxc
  • cms-20
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')