Skip to main content
CVE-2020-7240 HIGH POC This Week

Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lantime M300 Firmware Lantime M1000 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-7237 HIGH POC THREAT This Week

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection PHP Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
36.8%
CVE-2020-7241 HIGH POC This Week

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Database Backup
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-7244 HIGH POC This Week

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Stampede Fx 1010 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2020-7243 HIGH POC This Week

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Stampede Fx 1010 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2020-7242 HIGH POC This Week

Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Stampede Fx 1010 Firmware
NVD
CVSS 3.1
7.2
EPSS
4.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy