MidnightBSD

Advisories for gocloud

CVE-2020-8949 HIGH

Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters in a ping operation, as demonstrated by the cgi-bin/webui/admin/tools/app_ping/diag_ping/; substring.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
gocloud s2a_firmware 4.3.0.15815
gocloud s2a_firmware 4.2.7.17278
gocloud s2a_firmware 4.3.0.17193
gocloud s2a_wl_firmware 4.2.7.16471
gocloud s3a_k2p_mtk_firmware 4.2.7.16528
gocloud s3a_firmware 4.3.0.16572
gocloud isp3000_firmware 4.3.0.17190