CVE-2020-5847

CRITICAL 9.8 (CVSS 3.1)
2020-03-16

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 14:10 (vuln.today), public exploit code
Added to CISA KEV: Mar 17, 2026 - 14:10 (cisa)
CVE Published: Mar 16, 2020 - 18:15 (nvd), CRITICAL 9.8

Description

Unraid through 6.8.0 allows Remote Code Execution.

Analysis

Unraid through 6.8.0 allows unauthenticated remote code execution (CVE-2020-5847, CVSS 9.8, EPSS 93.5%). This critical vulnerability in the popular NAS operating system enables attackers to execute arbitrary code without authentication, compromising all data stored on the NAS and all Docker containers/VMs running on the Unraid system.

Technical Context

Unraid is a Linux-based NAS operating system popular for home servers and small businesses. The RCE vulnerability allows unauthenticated command execution through the web management interface. Unraid systems typically store large amounts of personal/business data and often run Docker containers and VMs, making compromise extremely impactful.

Affected Products

Unraid through 6.8.0

Remediation

Update Unraid immediately. Never expose the Unraid management interface to the internet. Use a VPN for remote access. Audit stored data for unauthorized access.

Priority Score

213
KEV: +50
EPSS: +93.5
CVSS: +49
POC: +20
