CVE-2020-12774

D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
twcertCNA
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Common Weakness Enumeration
References
https://www.twcert.org.tw/tw/cp-132-3802-27204-1.html
https://www.twcert.org.tw/tw/cp-132-3802-27204-1.html