CVE-2020-16205

EPSS 60.4%CWE-78

Vexday Risk Score

30Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 60.4%KEV nãoPoC —Nuclei —Metasploit simPatch —

Lifecycle

20 May 2020Metasploit module available

14 Aug 2020Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).

Affected products

n/a · G-Cam and G-Code

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/158888/Geutebruck-testaction.cgi-Remote-Command-Execution.html https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03