CVE-2020-13712
MGOS Command Injection
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A command injection is possible through the user interface, allowing arbitrary command execution as
the root user. oMG2000 running MGOS 3.15.1 or earlier is affected.
MG90 running MGOS 4.2.1 or earlier is affected.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Sierra Wireless · MGOS