CVE-2020-12246

high

Description

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.

References

https://yadi.sk/i/jXV87yn4ZJfSHA

https://yadi.sk/i/iIUCJVaGEuSaAw

https://yadi.sk/i/YdfXr-ofAN2ZWA

https://medium.com/%40Pavel.Step/security-analysis-of-the-smart-box-router-932f86dc8a9e

Details

Source: Mitre, NVD

Published: 2020-04-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H