Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Grandstream GWN7000 by Tenable

    CVE-2020-5756 (GCVE-0-2020-5756)

    Vulnerability from nvd – Published: 2020-07-17 20:16 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Grandstream GWN7000 Affected: Versions 1.0.9.4 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2020-41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Grandstream GWN7000",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 1.0.9.4 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-17T20:16:27.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/research/tra-2020-41"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "ID": "CVE-2020-5756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Grandstream GWN7000",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 1.0.9.4 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-489"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2020-41",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/research/tra-2020-41"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2020-5756",
        "datePublished": "2020-07-17T20:16:27.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5756 (GCVE-0-2020-5756)

    Vulnerability from cvelistv5 – Published: 2020-07-17 20:16 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Grandstream GWN7000 Affected: Versions 1.0.9.4 and below
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/research/tra-2020-41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Grandstream GWN7000",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 1.0.9.4 and below"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "CWE-489",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-17T20:16:27.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/research/tra-2020-41"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "ID": "CVE-2020-5756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Grandstream GWN7000",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 1.0.9.4 and below"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system\u0027s crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-489"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/research/tra-2020-41",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/research/tra-2020-41"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2020-5756",
        "datePublished": "2020-07-17T20:16:27.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }