CVE-2020-8949
published 2020-02-12CVE-2020-8949: Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows…
PriorityP278high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
2.83%
84.8th percentile
Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gocloud | isp3000_firmware | — | — |
| gocloud | s2a_firmware | — | — |
| gocloud | s2a_firmware | — | — |
| gocloud | s2a_firmware | — | — |
| gocloud | s2a_wl_firmware | — | — |
| gocloud | s3a_firmware | — | — |
| gocloud | s3a_k2p_mtk_firmware | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fr6x-3vx5-3qj2: Gocloud S2A_WL 4
ghsa_unreviewed·2022-05-24
CVE-2020-8949 [HIGH] GHSA-fr6x-3vx5-3qj2: Gocloud S2A_WL 4
Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.
VulnCheck
gocloud s2a_wl_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2020·CVSS 8.8
CVE-2020-8949 [HIGH] gocloud s2a_wl_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
gocloud s2a_wl_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.
Affected: gocloud s2a_wl_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://ti.qianxin.com/blog/articles/Dark-IoT-Botnet-Abuses-ClouDNS-and-White-Domains-for-C2-Communication-EN/; https://blog.xlab
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-02-12
Published
Exploited in the wild