CVE-2020-10209

HIGH WAF: High

CVSS 8.1 Published: 2020-12-30

CWE-78

Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.

WAF Coverage Analysis

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
amino	ak45x_firmware	-
amino	ak5xx_firmware	-
amino	ak65x_firmware	-
amino	aria6xx_firmware	-
amino	aria7xx_firmware	-
amino	kami7b_firmware	-

References

andre-oudhof.medium.com (Exploit, Third Party Advisory)

Back to CVE Database