Integrity Check Bypass Vulnerability in Aterm SA3500G Firmware by NEC
CVE-2020-5637

6.8MEDIUM

Key Information:

Vendor

Nec Corporation

Status
Aterm Sa3500g
Vendor
CVE Published:
14 December 2020

What is CVE-2020-5637?

The Aterm SA3500G firmware contains a vulnerability due to improper validation of integrity check values. This flaw allows an attacker with administrative privileges to execute arbitrary code, potentially leading to unauthorized actions on the device. It is crucial for users to update to firmware version 3.5.9 or later to mitigate this risk. For more information, refer to NEC's official security advisory.

Affected Version(s)

Aterm SA3500G firmware versions prior to Ver. 3.5.9

References

https://www.necplatforms.co.jp/product/security_ap/info_2...
x_refsource_MISC
https://jvn.jp/en/jp/JVN55917325/index.html
x_refsource_MISC
https://jvn.jp/jp/JVN55917325/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.