CVE-2020-22724

Description

A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.

Related CPE's

o mercury mer1200_firmware 1.0.1 *******

h mercury mer1200 -*******

o mercury mer1200g_firmware 1.0.1 *******

h mercury mer1200g -*******

References

https://github.com/DarkEyeR/CVE_Apply/blob/master/Mercury/Mercury%20MER1200%20Router%20v1.0.1%20RCE%20%20.md

ExploitThird Party Advisory

CvssV3 impact

BaseSeverity	CRITICAL
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	9.8
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	10
VectorString	AV:N/AC:L/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io