What the vulnerability does

01Description

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.

Key dates

02Disclosure timeline

July 17, 2020 CVE published
August 4, 2024 Record updated