CVE-2020-5738 - Vulnerability Details

Vendors	Products
Grandstream	Gxp1610 Gxp1610 Firmware Gxp1615 Gxp1615 Firmware Gxp1620 Gxp1620 Firmware Gxp1625 Gxp1625 Firmware Gxp1628 Gxp1628 Firmware Gxp1630 Gxp1630 Firmware

Link	Providers
https://www.tenable.com/security/research/tra-2020-22

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Grandstream GXP1600 Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.0.4.152 and below"}]}], "descriptions": [{"lang": "en", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-14T13:48:44", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2020-22"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5738", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Grandstream GXP1600 Series", "version": {"version_data": [{"version_value": "1.0.4.152 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-22", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-22"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.629Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-22"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5738", "datePublished": "2020-04-14T13:48:44", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Grandstream GXP1600 Series (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.0.4.152 and below (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-59 (string)

description : CWE-59 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-14T13:48:44 (string)

orgId : 5ac1ecc2-367a-4d16-a0b2-35d495ddd0be (string)

shortName : tenable (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.tenable.com/security/research/tra-2020-22 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vulnreport@tenable.com (string)

ID : CVE-2020-5738 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Grandstream GXP1600 Series (string)

version : { »

version_data : [ »

0 : { »

version_value : 1.0.4.152 and below (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-59 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.tenable.com/security/research/tra-2020-22 (string)

refsource : MISC (string)

url : https://www.tenable.com/security/research/tra-2020-22 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:39:25.629Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.tenable.com/security/research/tra-2020-22 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 5ac1ecc2-367a-4d16-a0b2-35d495ddd0be (string)

assignerShortName : tenable (string)

cveId : CVE-2020-5738 (string)

datePublished : 2020-04-14T13:48:44 (string)

dateReserved : 2020-01-06T00:00:00 (string)

dateUpdated : 2024-08-04T08:39:25.629Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "718E23DE-61E2-47CE-894B-E3B4EFCB761E", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:*", "matchCriteriaId": "D92122D2-AD92-4EC3-81C3-CC58C3E3C287", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0285B11D-A50B-4650-ADDE-DC1D140AB894", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:*", "matchCriteriaId": "713E836B-E61E-4E74-9026-F6470C9555F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12FDA102-F6D4-4F67-A07C-9919FA23BB6E", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:*", "matchCriteriaId": "898FC5BB-6D88-4ED3-95FE-ACFA8D99AAD7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "427357FB-9EEE-43D8-B683-9BD412A68FC7", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:*", "matchCriteriaId": "280FCCEF-196B-4BD4-B5C2-7DECC224A84C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C15DDAE-9E8F-4BCB-8650-E70374A2A33F", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CDF28C0-982E-4DB8-8F3A-75103F2AF9A4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D23F0025-3B02-43BD-8778-C91B40424DB1", "versionEndIncluding": "1.0.4.152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:*", "matchCriteriaId": "63FC9463-51FD-493D-B2FD-4E61EC6B98CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface."}, {"lang": "es", "value": "La serie Grandstream GXP1600 versi\u00f3n de firmware 1.0.4.152 y posteriores, es vulnerable a una ejecuci\u00f3n de comandos remota autenticada cuando un atacante carga un archivo tar especialmente dise\u00f1ado en la interfaz HTTP /cgi-bin/upload_vpntar."}], "id": "CVE-2020-5738", "lastModified": "2024-11-21T05:34:30.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T14:15:11.930", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-22"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "vulnreport@tenable.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1610_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 718E23DE-61E2-47CE-894B-E3B4EFCB761E (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1610:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D92122D2-AD92-4EC3-81C3-CC58C3E3C287 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1615_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0285B11D-A50B-4650-ADDE-DC1D140AB894 (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1615:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 713E836B-E61E-4E74-9026-F6470C9555F1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1620_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 12FDA102-F6D4-4F67-A07C-9919FA23BB6E (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1620:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 898FC5BB-6D88-4ED3-95FE-ACFA8D99AAD7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1625_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 427357FB-9EEE-43D8-B683-9BD412A68FC7 (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1625:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 280FCCEF-196B-4BD4-B5C2-7DECC224A84C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1628_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C15DDAE-9E8F-4BCB-8650-E70374A2A33F (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1628:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8CDF28C0-982E-4DB8-8F3A-75103F2AF9A4 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:grandstream:gxp1630_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D23F0025-3B02-43BD-8778-C91B40424DB1 (string)

versionEndIncluding : 1.0.4.152 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:grandstream:gxp1630:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 63FC9463-51FD-493D-B2FD-4E61EC6B98CA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. (string)

}

1 : { »

lang : es (string)

value : La serie Grandstream GXP1600 versión de firmware 1.0.4.152 y posteriores, es vulnerable a una ejecución de comandos remota autenticada cuando un atacante carga un archivo tar especialmente diseñado en la interfaz HTTP /cgi-bin/upload_vpntar. (string)

}

]

id : CVE-2020-5738 (string)

lastModified : 2024-11-21T05:34:30.727 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-14T14:15:11.930 (string)

references : [ »

0 : { »

source : vulnreport@tenable.com (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : https://www.tenable.com/security/research/tra-2020-22 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Vendor Advisory (string)

]

url : https://www.tenable.com/security/research/tra-2020-22 (string)

}

]

sourceIdentifier : vulnreport@tenable.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-59 (string)

}

]

source : vulnreport@tenable.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-59 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object