Arbitrary Command Execution Vulnerability in Aterm SA3500G Firmware by NEC
CVE-2020-5636

6.8MEDIUM

Key Information:

Vendor

Nec Corporation

Status
Aterm Sa3500g
Vendor
CVE Published:
14 December 2020

What is CVE-2020-5636?

The Aterm SA3500G firmware, specifically versions prior to 3.5.9, contains a vulnerability that allows an attacker with administrative privileges to craft a malicious request directed at a specific URL. This exploit can lead to arbitrary command execution, potentially allowing the attacker to execute unauthorized commands on the device. Users are strongly urged to update their firmware to the latest version to mitigate this risk.

Affected Version(s)

Aterm SA3500G firmware versions prior to Ver. 3.5.9

References

https://www.necplatforms.co.jp/product/security_ap/info_2...
x_refsource_MISC
https://jvn.jp/en/jp/JVN55917325/index.html
x_refsource_MISC
https://jvn.jp/jp/JVN55917325/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.