Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for n-tron_702m12-w_firmware by redlion
CVE-2020-16210 (GCVE-0-2020-16210)
Vulnerability from nvd – Published: 2020-09-01 20:44 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16210",
"datePublished": "2020-09-01T20:44:46.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16208 (GCVE-0-2020-16208)
Vulnerability from nvd – Published: 2020-09-01 20:42 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-352 - CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16208",
"datePublished": "2020-09-01T20:42:18.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16206 (GCVE-0-2020-16206)
Vulnerability from nvd – Published: 2020-09-01 20:40 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16206",
"datePublished": "2020-09-01T20:40:15.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16204 (GCVE-0-2020-16204)
Vulnerability from nvd – Published: 2020-09-01 20:46 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-912 - HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16204",
"datePublished": "2020-09-01T20:46:26.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16544 (GCVE-0-2017-16544)
Vulnerability from nvd – Published: 2017-11-20 15:00 – Updated: 2025-06-09 15:35
VLAI?
Summary
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
Date Public ?
2017-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:04.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-16544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:34:08.917753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:35:03.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T18:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8",
"refsource": "MISC",
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16544",
"datePublished": "2017-11-20T15:00:00.000Z",
"dateReserved": "2017-11-05T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:35:03.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16204 (GCVE-0-2020-16204)
Vulnerability from cvelistv5 – Published: 2020-09-01 20:46 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-912 - HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:14.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16204",
"datePublished": "2020-09-01T20:46:26.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16210 (GCVE-0-2020-16210)
Vulnerability from cvelistv5 – Published: 2020-09-01 20:44 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:16.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16210",
"datePublished": "2020-09-01T20:44:46.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16208 (GCVE-0-2020-16208)
Vulnerability from cvelistv5 – Published: 2020-09-01 20:42 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-352 - CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16208",
"datePublished": "2020-09-01T20:42:18.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:54.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16206 (GCVE-0-2020-16206)
Vulnerability from cvelistv5 – Published: 2020-09-01 20:40 – Updated: 2024-08-04 13:37
VLAI?
Summary
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
Severity ?
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (‘CROSS-SITE SCRIPTING’) CWE-79
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | N-Tron 702-W / 702M12-W |
Affected:
Versions prior to all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "N-Tron 702-W / 702M12-W",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions prior to all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-04T20:06:15.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "N-Tron 702-W / 702M12-W",
"version": {
"version_data": [
{
"version_value": "Versions prior to all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16206",
"datePublished": "2020-09-01T20:40:15.000Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16544 (GCVE-0-2017-16544)
Vulnerability from cvelistv5 – Published: 2017-11-20 15:00 – Updated: 2025-06-09 15:35
VLAI?
Summary
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2017-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:27:04.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-16544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:34:08.917753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:35:03.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T18:06:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/",
"refsource": "MISC",
"url": "https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"
},
{
"name": "[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"
},
{
"name": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8",
"refsource": "MISC",
"url": "https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"
},
{
"name": "USN-3935-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3935-1/"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Sep/7"
},
{
"name": "20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/7"
},
{
"name": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2019-0013.html"
},
{
"name": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html"
},
{
"name": "20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router \u0026 TC Cloud Client",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/15"
},
{
"name": "20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/20"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"
},
{
"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Sep/6"
},
{
"name": "20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jan/39"
},
{
"name": "[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"
},
{
"name": "20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Aug/21"
},
{
"name": "20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Jun/36"
},
{
"name": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16544",
"datePublished": "2017-11-20T15:00:00.000Z",
"dateReserved": "2017-11-05T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:35:03.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}