CVE-2020-5756

HIGH

Grandstream GWN7000 <1.0.9.4 - Command Injection

Title source: llm
STIX 2.1

Description

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

References (2)

Core 2
Core References
Not Applicable x_refsource_confirm
https://www.tenable.com/security/research/tra-2020-41
Exploit, Third Party Advisory
https://www.tenable.com/cve/CVE-2020-5756

Scores

CVSS v3 8.8
EPSS 0.0247
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78 CWE-489
Status published
Products (1)
grandstream/gwn7000_firmware < 1.0.9.4
Published Jul 17, 2020
Tracked Since Feb 18, 2026