CVE-2020-13712

HIGH

oMG2000 <3.15.1 - Command Injection, MG90 <4.2.1 - Command Injection

Title source: llm

Description

A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected.

References (1)

Core 1

Core References

Various Sources

https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2020-006---mgos-security-update.ashx

Scores

CVSS v3 7.8

EPSS 0.0059

EPSS Percentile 43.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77 CWE-78

Status published

Products (2)

Sierra Wireless/MGOS all versions before 3.15.1

Sierra Wireless/MGOS all versions before 4.2.1

Published Dec 20, 2024

Tracked Since Feb 18, 2026