Home

Description

A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected.

PUBLISHED Reserved 2020-06-01 | Published 2024-12-20 | Updated 2024-12-26 | Assigner SWI

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

all versions before 3.15.1 (Custom)
affected

Default status
unaffected

all versions before 4.2.1 (Custom)
affected

References

source.sierrawireless.com/...006---mgos-security-update.ashx

cve.org (CVE-2020-13712)

nvd.nist.gov (CVE-2020-13712)

Download JSON