CVE-2020-24552 - Vulnerability Details

Vendors	Products
Atoptechnology	Se5901 Se5901 Firmware Se5901b Se5901b Firmware Se5904d Se5904d Firmware Se5908 Se5908 Firmware Se5908a Se5908a Firmware Se5916 Se5916 Firmware Se5916a Se5916a Firmware

Link	Providers
https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901", "vendor": "Atop Technology", "versions": [{"lessThanOrEqual": "1.4", "status": "affected", "version": "1.18", "versionType": "custom"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B", "vendor": "Atop Technology", "versions": [{"lessThanOrEqual": "1.4", "status": "affected", "version": "1.18", "versionType": "custom"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D", "vendor": "Atop Technology", "versions": [{"lessThanOrEqual": "1.4", "status": "affected", "version": "1.18", "versionType": "custom"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908", "vendor": "Atop Technology", "versions": [{"status": "affected", "version": "1.18 1.4"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A", "vendor": "Atop Technology", "versions": [{"status": "affected", "version": "1.18 1.4"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916", "vendor": "Atop Technology", "versions": [{"status": "affected", "version": "1.18 1.4"}]}, {"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A", "vendor": "Atop Technology", "versions": [{"status": "affected", "version": "1.18 1.4"}]}], "datePublic": "2020-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-10T08:40:20", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"}], "solutions": [{"lang": "en", "value": "Update Firmware series to V1.51"}], "source": {"discovery": "UNKNOWN"}, "title": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-09-10T08:00:00.000Z", "ID": "CVE-2020-24552", "STATE": "PUBLIC", "TITLE": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908", "version": {"version_data": [{"version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A", "version": {"version_data": [{"version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916", "version": {"version_data": [{"version_name": "1.18", "version_value": "1.4"}]}}, {"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A", "version": {"version_data": [{"version_name": "1.18", "version_value": "1.4"}]}}]}, "vendor_name": "Atop Technology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78 OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"}]}, "solution": [{"lang": "en", "value": "Update Firmware series to V1.51"}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:09.268Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2020-24552", "datePublished": "2020-09-10T08:40:20.444489Z", "dateReserved": "2020-08-20T00:00:00", "dateUpdated": "2024-09-16T18:18:22.551Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.4 (string)

status : affected (string)

version : 1.18 (string)

versionType : custom (string)

}

]

}

1 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.4 (string)

status : affected (string)

version : 1.18 (string)

versionType : custom (string)

}

]

}

2 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

lessThanOrEqual : 1.4 (string)

status : affected (string)

version : 1.18 (string)

versionType : custom (string)

}

]

}

3 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.18 1.4 (string)

}

]

}

4 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.18 1.4 (string)

}

]

}

5 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.18 1.4 (string)

}

]

}

6 : { »

product : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A (string)

vendor : Atop Technology (string)

versions : [ »

0 : { »

status : affected (string)

version : 1.18 1.4 (string)

}

]

}

]

datePublic : 2020-09-10T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-78 (string)

description : CWE-78 OS Command Injection (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-09-10T08:40:20 (string)

orgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

shortName : twcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

}

]

solutions : [ »

0 : { »

lang : en (string)

value : Update Firmware series to V1.51 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

AKA : TWCERT/CC (string)

ASSIGNER : cve@cert.org.tw (string)

DATE_PUBLIC : 2020-09-10T08:00:00.000Z (string)

ID : CVE-2020-24552 (string)

STATE : PUBLIC (string)

TITLE : Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

1 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

2 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D (string)

version : { »

version_data : [ »

0 : { »

version_affected : <= (string)

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

3 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 (string)

version : { »

version_data : [ »

0 : { »

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

4 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A (string)

version : { »

version_data : [ »

0 : { »

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

5 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 (string)

version : { »

version_data : [ »

0 : { »

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

6 : { »

product_name : 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A (string)

version : { »

version_data : [ »

0 : { »

version_name : 1.18 (string)

version_value : 1.4 (string)

}

]

}

]

}

vendor_name : Atop Technology (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-78 OS Command Injection (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

refsource : MISC (string)

url : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

}

]

}

solution : [ »

0 : { »

lang : en (string)

value : Update Firmware series to V1.51 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T15:12:09.268Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e (string)

assignerShortName : twcert (string)

cveId : CVE-2020-24552 (string)

datePublished : 2020-09-10T08:40:20.444489Z (string)

dateReserved : 2020-08-20T00:00:00 (string)

dateUpdated : 2024-09-16T18:18:22.551Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5918207-0E49-459D-8B9D-C0DC044DE48F", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5901:-:*:*:*:*:*:*:*", "matchCriteriaId": "C79C9A6A-E292-403E-AE7C-8585BF9DF9BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5901b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E196C85A-DD61-4AD3-9B3A-606ECD790272", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5901b:-:*:*:*:*:*:*:*", "matchCriteriaId": "F005E3ED-A937-4E22-B7E5-A19D75BFF19E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5904d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04A2905F-6CB6-4034-91D4-31C35B818D6D", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5904d:-:*:*:*:*:*:*:*", "matchCriteriaId": "993B0A78-9EF4-4CE3-97BE-83A8E5268DB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5908_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD9F05F1-E912-4886-9FE8-B41D7B2D9329", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5908:-:*:*:*:*:*:*:*", "matchCriteriaId": "B0A57F74-32C6-45E0-BFE0-27B3FE96AA80", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5908a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9465E477-471B-4AD5-B997-5A767E87EF93", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5908a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BDA1AE5-5098-4B1F-B4FD-29F9935DF6E9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5916_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE19B5D8-FBCD-4EAE-9A6B-B50E2742146C", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5916:-:*:*:*:*:*:*:*", "matchCriteriaId": "61C8BC8B-F1F8-4A96-85AB-820101AA570A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:atoptechnology:se5916a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E2EBD60-4323-4AAB-ABBA-DC4BCD717294", "versionEndIncluding": "1.40", "versionStartIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:atoptechnology:se5916a:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D66FC6D-D307-4BA0-9807-D16C67203053", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege."}, {"lang": "es", "value": "Una puerta de enlace industrial 3G/4G de Atop Technology contiene una vulnerabilidad de Inyecci\u00f3n de Comando. Debido a una comprobaci\u00f3n de entrada insuficiente, la interfaz de administraci\u00f3n web del dispositivo permite a atacantes inyectar c\u00f3digo espec\u00edfico y ejecutar comandos del sistema sin privilegios"}], "id": "CVE-2020-24552", "lastModified": "2024-11-21T05:14:58.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-10T09:15:12.097", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5901_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C5918207-0E49-459D-8B9D-C0DC044DE48F (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5901:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C79C9A6A-E292-403E-AE7C-8585BF9DF9BF (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5901b_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E196C85A-DD61-4AD3-9B3A-606ECD790272 (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5901b:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F005E3ED-A937-4E22-B7E5-A19D75BFF19E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5904d_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 04A2905F-6CB6-4034-91D4-31C35B818D6D (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5904d:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 993B0A78-9EF4-4CE3-97BE-83A8E5268DB9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5908_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FD9F05F1-E912-4886-9FE8-B41D7B2D9329 (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5908:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B0A57F74-32C6-45E0-BFE0-27B3FE96AA80 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5908a_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9465E477-471B-4AD5-B997-5A767E87EF93 (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5908a:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 3BDA1AE5-5098-4B1F-B4FD-29F9935DF6E9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5916_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EE19B5D8-FBCD-4EAE-9A6B-B50E2742146C (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5916:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 61C8BC8B-F1F8-4A96-85AB-820101AA570A (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:atoptechnology:se5916a_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4E2EBD60-4323-4AAB-ABBA-DC4BCD717294 (string)

versionEndIncluding : 1.40 (string)

versionStartIncluding : 1.18 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:atoptechnology:se5916a:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2D66FC6D-D307-4BA0-9807-D16C67203053 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. (string)

}

1 : { »

lang : es (string)

value : Una puerta de enlace industrial 3G/4G de Atop Technology contiene una vulnerabilidad de Inyección de Comando. Debido a una comprobación de entrada insuficiente, la interfaz de administración web del dispositivo permite a atacantes inyectar código específico y ejecutar comandos del sistema sin privilegios (string)

}

]

id : CVE-2020-24552 (string)

lastModified : 2024-11-21T05:14:58.607 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : COMPLETE (string)

baseScore : 9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:S/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 4.2 (number)

source : twcert@cert.org.tw (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.2 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-09-10T09:15:12.097 (string)

references : [ »

0 : { »

source : twcert@cert.org.tw (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html (string)

}

]

sourceIdentifier : twcert@cert.org.tw (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : twcert@cert.org.tw (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object