CVE-2010-20059

NONE

—CVSS v3

—CVSS v2

48.63% EPSS (exploit probability)

CWE-78CWE

Description

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE