CVE-2020-5738 - Vulnerability Details - OpenCVE

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Grandstream	Gxp1610 Gxp1610 Firmware Gxp1615 Gxp1615 Firmware Gxp1620 Gxp1620 Firmware Gxp1625 Gxp1625 Firmware Gxp1628 Gxp1628 Firmware Gxp1630 Gxp1630 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.tenable.com/security/research/tra-2020-22

History

No history.

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-04-14T13:48:44

Updated: 2024-08-04T08:39:25.629Z

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5738

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-14T14:15:11.930

Modified: 2024-11-21T05:34:30.727

Link: CVE-2020-5738

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Grandstream GXP1600 Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.0.4.152 and below"}]}], "descriptions": [{"lang": "en", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-14T13:48:44", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2020-22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grandstream GXP1600 Series", "version": {"version_data": [{"version_value": "1.0.4.152 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-22", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-22"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.629Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-22"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5738", "datePublished": "2020-04-14T13:48:44", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "718E23DE-61E2-47CE-894B-E3B4EFCB761E", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*", "matchCriteriaId": "D92122D2-AD92-4EC3-81C3-CC58C3E3C287", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0285B11D-A50B-4650-ADDE-DC1D140AB894", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*", "matchCriteriaId": "713E836B-E61E-4E74-9026-F6470C9555F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12FDA102-F6D4-4F67-A07C-9919FA23BB6E", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*", "matchCriteriaId": "898FC5BB-6D88-4ED3-95FE-ACFA8D99AAD7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "427357FB-9EEE-43D8-B683-9BD412A68FC7", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*", "matchCriteriaId": "280FCCEF-196B-4BD4-B5C2-7DECC224A84C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C15DDAE-9E8F-4BCB-8650-E70374A2A33F", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CDF28C0-982E-4DB8-8F3A-75103F2AF9A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D23F0025-3B02-43BD-8778-C91B40424DB1", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*", "matchCriteriaId": "63FC9463-51FD-493D-B2FD-4E61EC6B98CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}, {"lang": "es", "value": "La serie Grandstream GXP1600 versi\u00f3n de firmware 1.0.4.152 y posteriores, es vulnerable a una ejecuci\u00f3n de comandos remota autenticada cuando un atacante carga un archivo tar especialmente dise\u00f1ado en la interfaz HTTP /cgi-bin/upload_vpntar."}], "id": "CVE-2020-5738", "lastModified": "2024-11-21T05:34:30.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T14:15:11.930", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-22"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "vulnreport@tenable.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}