CVE-2020-5635

Опубликовано: 14 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

Ссылки

https://jvn.jp/en/jp/JVN55917325/index.html
Third Party Advisory
https://jvn.jp/jp/JVN55917325/index.html
Third Party Advisory
https://www.necplatforms.co.jp/product/security_ap/info_20201211.html
Vendor Advisory
https://jvn.jp/en/jp/JVN55917325/index.html
Third Party Advisory
https://jvn.jp/jp/JVN55917325/index.html
Third Party Advisory
https://www.necplatforms.co.jp/product/security_ap/info_20201211.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:necplatforms:aterm_sa3500g_firmware:*:*:*:*:*:*:*:*

Версия до 3.5.9 (исключая)

cpe:2.3:h:necplatforms:aterm_sa3500g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00414

Низкий

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-fxv5-3xrg-jgx5

github

больше 3 лет назад