cbcvebase.
CVE-2020-6756
published 2020-01-09

CVE-2020-6756: languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang…

PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
10.56%
95.2th percentile
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
rasilientpixelstor_5000_firmware

Detection & IOCsextracted from sources · hover to see the quote

path/languageOptions.php
  • Monitor HTTP requests to languageOptions.php on Rasilient PixelStor 5000 devices for unexpected or shell-command-like values in the 'lang' parameter, indicating unauthenticated RCE exploitation attempts.
  • SORA (IoT.Linux.MIRAI.DLEU) and UNSTABLE (IoT.Linux.MIRAI.DLEV) Mirai variants exploit CVE-2020-6756 to gain entry into Rasilient PixelStor5000 devices; detect these malware families on IoT/Linux endpoints.
  • Post-exploitation pattern: attackers download and execute a shell script from a C&C server, which in turn downloads and executes the SORA or UNSTABLE payload. Monitor for outbound shell script downloads followed by execution on IoT/Linux devices.
  • Monitor network traffic for increasing connection attempts to unknown domains from IoT devices, which may indicate Mirai botnet propagation activity following CVE-2020-6756 exploitation.
  • ·Vulnerability affects only Rasilient PixelStor 5000 running firmware version K:4.0.1580-20150629 (KDI Version); detections should be scoped to this specific version.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.