CVE-2020-7357

CRITICAL

Cayin CMS - Authenticated OS Command Injection via NTP_Server_IP Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7357. PoCs published by h00die and Gjoko Krstic (LiquidWorm), including Metasploit module exploits/linux/http/cayin_cms_ntp.

AI-analyzed exploit summary: This Metasploit module exploits an authenticated RCE vulnerability in Cayin CMS <= 11.0 via command injection in the 'ntpIp' parameter of the system_service.cgi file. It uses a cmdstager to execute a reverse shell payload in chunks due to field size limitations.

Description

Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in the system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.

Exploits (1)

metasploit WORKING POC EXCELLENT
by h00die, Gjoko Krstic (LiquidWorm) · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cayin_cms_ntp.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Cayin CMS <= 11.0
Auth required
Prerequisites: Valid credentials for Cayin CMS · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5570.php
Third Party Advisory, VDB Entry vendor-advisory x_refsource_ibm
https://exchange.xforce.ibmcloud.com/vulnerabilities/182925

Scores

CVSS v3 9.6
EPSS 0.3387
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Details

CWE: CWE-78
Status: published
Products (8)
cayintech/cms 7.5 11175
cayintech/cms 8.0 11175
cayintech/cms 8.2 12199
cayintech/cms-20_firmware 9.0 14197 (2 CPE variants)
cayintech/cms-40_firmware 9.0 14197 (3 CPE variants)
cayintech/cms-60_firmware 11.0 19025
cayintech/cms-se-lxc_firmware
cayintech/cms-se_firmware 11.0 19179 (3 CPE variants)
Published Aug 06, 2020
Tracked Since Feb 18, 2026