CVE-2020-10173

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 05, 2020
Published Date: March 05, 2020
Last Updated: August 04, 2024
Vendor: n/a
Product: n/a
Description: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploit Status

Exploited in the Wild: Yes (2026-03-21 00:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/48142

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-03-21 00:00:00 UTC

Timeline

CVE ID Reserved

March 05, 2020
CVE Published to Public

March 05, 2020
Added to KEVIntel

March 21, 2026