CVE-2020-7357
Severity: CRITICAL
Cayintech CMS-SE Firmware - OS Command Injection
Cayin CMS suffers from an authenticated, semi-blind OS command injection vulnerability that is reachable using the default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter of the system.cgi page. This issue affects several branches and versions of the CMS application, including CMS-SE, CMS-60, CMS-40, CMS-20, and CMS versions 8.2, 8.0, and 7.5.
Exploits (1)
Metasploit module (working PoC, ranking: Excellent): https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cayin_cms_ntp.rb
Scores
CVSS v3: 9.6
EPSS: 0.7871
EPSS Percentile: 99.1%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Details
CWE: CWE-78
Status: published
Products (8)
cayintech/cms: 7.5 11175
cayintech/cms: 8.0 11175
cayintech/cms: 8.2 12199
cayintech/cms-20_firmware: 9.0 14197 (2 CPE variants)
cayintech/cms-40_firmware: 9.0 14197 (3 CPE variants)
cayintech/cms-60_firmware: 11.0 19025
cayintech/cms-se_firmware: 11.0 19179 (3 CPE variants)
cayintech/cms-se-lxc_firmware
Published: Aug 06, 2020
Tracked Since: Feb 18, 2026