Description
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cerne.xyz/bugs/CVE-2020-8797.html
Scores
CVSS v3
6.7
EPSS
0.0089
EPSS Percentile
55.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
juplink/rx4-1500_firmware
1.0.3
Published
Apr 23, 2020
Tracked Since
Feb 18, 2026