CVE-2020-12107
CRITICALVPNCrypt M10 2.6.5 - OS Command Injection via Web Portal Text Field
Title source: llmDescription
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allow full control over this module's Operating System.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.stengg.com/cybersecurity
Vendor Advisory x_refsource_misc
https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf
Scores
CVSS v3
9.8
EPSS
0.0209
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
stengg/vpncrypt_m10_firmware
2.6.5
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026