What is CVE-2020-12124?

CVE-2020-12124 is a vulnerability in N/a. Published 2020-10-02.

Is CVE-2020-12124 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

EPSS: 0.923 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Scorpion-Security-Labs/CVE-2020-12124
db44k/CVE-2020-12124
nomi-sec/PoC-in-GitHub

References

www.wavlink.com/en_us/product/WL-WN530H4.html (x_refsource_MISC)
cerne.xyz/bugs/CVE-2020-12124 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-12124?: CVE-2020-12124 is a vulnerability in N/a. Published 2020-10-02.
Is CVE-2020-12124 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.