CVE-2020-13712

Summary

A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. 

MG90 running MGOS 4.2.1 or earlier is affected.

Affected Software

VendorProductVersion RangeStatus
Sierra WirelessMGOSall versions before 3.15.1affected
Sierra WirelessMGOSall versions before 4.2.1affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References