CVE-2020-5756

HIGH

Grandstream GWN7000 <1.0.9.4 - Command Injection

Title source: llm

Description

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

References (2)

[Not Applicable] https://www.tenable.com/security/research/tra-2020-41

[Exploit, Third Party Advisory] https://www.tenable.com/cve/CVE-2020-5756

Scores

CVSS v3 8.8

EPSS 0.0130

EPSS Percentile 79.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78 CWE-489

Status published

Products (1)

grandstream/gwn7000_firmware < 1.0.9.4

Published Jul 17, 2020

Tracked Since Feb 18, 2026