CVE-2020-8087

Published: Jan 27, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8087

Description

Affected Products

References