CVE-2020-10208

CRITICAL WAF: High

CVSS 9.9 Published: 2020-12-30

CWE-78

Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.

WAF Coverage Analysis

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
amino	ak45x_firmware	-
amino	ak5xx_firmware	-
amino	ak65x_firmware	-
amino	aria6xx_firmware	-
amino	aria7xx_firmware	-
amino	kami7b_firmware	-

References

andre-oudhof.medium.com (Exploit, Third Party Advisory)

Back to CVE Database