Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
CVE-2020-24552

5.5MEDIUM

Key Information:

Vendor: Atop Technology
Status: 3g/4g Lte Cellular To Ethernet And Serial Secure Industrial Gateway Se5901; 3g/4g Lte Cellular To Ethernet And Serial Secure Industrial Gateway Se5901b; 3g/4g Lte Cellular To Ethernet And Serial Secure Industrial Gateway Se5904d; 3g/4g Lte Cellular To Ethernet And Serial Secure Industrial Gateway Se5908
Vendor: CVE Published:; 10 September 2020

🔔 Create Atop Technology Vulnerability Alert

What is CVE-2020-24552?

Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.

Affected Version(s)

3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 1.18 <= 1.4

3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B 1.18 <= 1.4

3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D 1.18 <= 1.4

References

https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2020
Vulnerability Reserved
Aug 20, 2020

CVE-2020-24552 Data

JSON