CVE-2020-29574 - CyberoamOS (CROS) SQL Injection Vulnerability

: Sophos | CyberoamOS

Date Added:
2025-02-06

Due Date:
2025-02-27

Vulnerability Name: CyberoamOS (CROS) SQL Injection Vulnerability

Description: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Additional Notes: https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574

Related News Articles: XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsFebruary 10, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard