OS Command Injection
Publish date:
19 August 2020
Identifier:
CVE-2020-16279
Manufacturer:
Rangee GmbH
Product:
RangeeOS 8.0.4
Authors:
Andre Waldhoff and Bastian Kanbach
Description:
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to remote code execution because untrusted user-supplied input is passed to the command line without sanitization.
Timeline:
20 February 2019: Vulnerabilities sent to vendor
20 March 2019: CVE request sent to MITRE; automatic response from MITRE confirming that they received the request
23 May 2019: Requested an update from MITRE about the status of the CVE numbers
30 August 2019: Requested an update from MITRE about the status of the CVE numbers
10 August 2020: Response from MITRE, containing the assigned CVE IDs
14 August 2020: Vendor confirmed that fixes were issued
19 August 2020: CVEs published