Command Injection Vulnerability in Mitsubishi Electric GOT 1000 Series
CVE-2020-5648

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 6 November 2020

Summary

The Mitsubishi Electric GOT 1000 series devices are susceptible to an argument injection vulnerability in their TCP/IP function, caused by improper neutralization of argument delimiters. The flaw allows unauthenticated attackers on an adjacent network to craft malicious packets that can disrupt the network functions of the affected devices. Users of the affected GT14 model variants are advised to implement security measures and update their firmware to mitigate the risks associated with this vulnerability.

Affected Version(s)

GT14 Model of GOT 1000 series:

  • GT1455-QTBDE, CoreOS version '05.65.00.BD' and earlier

  • GT1450-QMBDE, CoreOS version '05.65.00.BD' and earlier

  • GT1450-QLBDE, CoreOS version '05.65.00.BD' and earlier

  • GT1455HS-QTBDE, CoreOS version '05.65.00.BD' and earlier

  • GT1450HS-QMBDE, CoreOS version '05.65.00.BD' and earlier

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
