Platform: java
Component: aircontrol
Fixed in: 1.4.3
CVE-2020-37052 describes a critical pre-authentication Remote Code Execution (RCE) vulnerability present in Rohos AirControl versions up to 1.4.2. This flaw allows an attacker to execute arbitrary system commands on the server without requiring authentication. Exploitation occurs through the /.seam endpoint by injecting malicious Java expressions, granting the attacker system-level privileges. A patch is available to address this vulnerability.
The impact of CVE-2020-37052 is severe. A successful exploit allows an unauthenticated attacker to gain complete control over the Rohos AirControl server. This can lead to data breaches, system compromise, and potential lateral movement within the network. Attackers could install malware, steal sensitive information, or disrupt services. The lack of authentication required for exploitation significantly broadens the attack surface, making this vulnerability particularly dangerous. The ability to execute arbitrary commands with system privileges grants the attacker the highest level of access, enabling them to perform virtually any action on the compromised system.
CVE-2020-37052 is a highly concerning vulnerability due to its ease of exploitation and critical impact. Public proof-of-concept (PoC) code is likely to emerge given the vulnerability's nature. While no active exploitation campaigns have been definitively confirmed, the severity and simplicity of exploitation suggest a high probability of exploitation. The vulnerability was publicly disclosed on 2026-01-30. It is recommended to prioritize remediation efforts.
Organizations utilizing Rohos AirControl for secure file transfer and remote access are at significant risk. This includes businesses relying on AirControl for internal data sharing and those providing remote access to clients or partners. Environments with limited security controls or those lacking robust WAF configurations are particularly vulnerable.
• java / server:
find / -name "*.jar" -exec grep -i '\.seam' {} \;
• java / server:
ps aux | grep -i '/.seam'
• generic web: Use a WAF or proxy to monitor and block requests to the /.seam endpoint, especially those containing unusual characters or patterns indicative of Java expression injection.
EPSS: 0.18% (40th percentile)
The primary mitigation for CVE-2020-37052 is to upgrade Rohos AirControl to a patched version. Rohos has released updates to address this vulnerability; consult their official advisory for the latest version. If immediate patching is not possible, consider implementing temporary workarounds such as restricting access to the /.seam endpoint through a Web Application Firewall (WAF) or proxy server. Carefully review and restrict Java execution permissions within the AirControl environment. Monitor system logs for suspicious activity related to the /.seam endpoint, looking for unusual Java execution patterns. After upgrading, confirm the vulnerability is resolved by attempting to access the /.seam endpoint with a crafted Java expression; it should be rejected.
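One way to implement the log monitoring described above, as an added example that is not code from the vendor or from this page. It assumes a Combined Log Format access log and treats the expression delimiters `#{` and `${` as the injection indicator; the sample log lines and the `q` parameter name are constructed.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: expression-language delimiters are the pattern worth alerting on.
EL_MARKERS = ("#{", "${")

# Constructed sample input (documentation IP ranges, harmless arithmetic expression).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2026:10:00:05 +0000] "GET /.seam?q=%23%7B1%2B1%7D HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Feb/2026:10:00:09 +0000] "GET /.seam?q=%2523%257B1%252B1%257D HTTP/1.1" 200 0',
    '203.0.113.4 - - [01/Feb/2026:10:01:00 +0000] "POST /.seam HTTP/1.1" 302 0',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return None, 'seam-access' or 'seam-expression' for one log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    decoded = fully_decode(m.group("target"))
    # Drop the query string and any ;path-parameters before testing the suffix.
    path = decoded.split("?", 1)[0].split(";", 1)[0].lower()
    if not path.endswith(".seam"):
        return None
    if any(marker in decoded for marker in EL_MARKERS):
        return "seam-expression"
    # POST bodies are not in access logs, so every .seam hit is still reported.
    return "seam-access"


def scan(lines):
    """Return (client_ip, verdict) for every line that touches a .seam path."""
    return [(l.split()[0], v) for l in lines if (v := classify(l))]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On an unpatched host, treat any `seam-access` hit from an unauthenticated client as worth reviewing, since the access log cannot show what a POST body contained.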
Upgrade AirControl to a version later than 1.4.2 to fix the remote code execution vulnerability. See the vendor's website (Ubiquiti) for the latest version and upgrade instructions.
CVE-2020-37052 is a critical RCE vulnerability in Rohos AirControl versions up to 1.4.2, allowing unauthenticated attackers to execute commands.
You are affected if you are running Rohos AirControl version 1.4.2 or earlier. Upgrade immediately to a patched version.
Upgrade to the latest patched version of Rohos AirControl. Consult the official Rohos advisory for details.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Rohos Security website and their official security advisories for the latest information and patch details.