CVE-2020-10173
HIGH
EXPLOITED IN THE WILD
Comtrend VR-3033 Firmware - OS Command Injection
Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.
Exploits (1)
exploitdb
WORKING POC
by Raki Ben Hamouda · text · webapps · hardware
https://www.exploit-db.com/exploits/48142
Scores
CVSS v3
8.8
EPSS
0.6518
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2020-05-07
InTheWild.io
2020-07-09
CWE
CWE-78
Status
published
Products (1)
comtrend/vr-3033_firmware
de11-416ssg-c01_r02.a2pvi042j1.d26m
Published
Mar 05, 2020
Tracked Since
Feb 18, 2026