CVE-2020-12246: OS Command Injection

Published Apr 29, 2020
·
Updated

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.

Affected Software

2 affected components
Beeline Smart Box Firmware=2.0.38
Beeline Smart Box

Event History

Apr 29, 2020
CVE Published
via MITRE·12:34 PM
Data Sourced
via MITRE·12:34 PM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2020-12246?

The severity of CVE-2020-12246 is considered critical with a CVSS score of 8.8.

2

How can the Beeline Smart Box 2.0.38 routers be affected by CVE-2020-12246?

Beeline Smart Box 2.0.38 routers are affected by CVE-2020-12246 through the "Advanced settings > Other > Diagnostics" feature.

3

What is the vulnerability description of CVE-2020-12246?

CVE-2020-12246 is a vulnerability that allows OS command injection via the Ping, Nslookup, or Traceroute parameters in the "Advanced settings > Other > Diagnostics" feature of Beeline Smart Box 2.0.38 routers.

4

Which software versions of Beeline Smart Box are affected by CVE-2020-12246?

Beeline Smart Box firmware version 2.0.38 is affected by CVE-2020-12246.

5

How can I mitigate the vulnerability in Beeline Smart Box 2.0.38 routers?

To mitigate the vulnerability in Beeline Smart Box 2.0.38 routers, it is recommended to update the firmware to a version that is not affected.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203