Search criteria
2 vulnerabilities found for se5916_firmware by atoptechnology
CVE-2020-24552 (GCVE-0-2020-24552)
Vulnerability from nvd – Published: 2020-09-10 08:40 – Updated: 2024-09-16 18:18
VLAI
Title
Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
Summary
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
Severity
5.5 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A |
Affected:
1.18 1.4
|
Date Public
2020-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
}
],
"datePublic": "2020-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T08:40:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-09-10T08:00:00.000Z",
"ID": "CVE-2020-24552",
"STATE": "PUBLIC",
"TITLE": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Atop Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-24552",
"datePublished": "2020-09-10T08:40:20.444Z",
"dateReserved": "2020-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24552 (GCVE-0-2020-24552)
Vulnerability from cvelistv5 – Published: 2020-09-10 08:40 – Updated: 2024-09-16 18:18
VLAI
Title
Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
Summary
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
Severity
5.5 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A |
Affected:
1.18 1.4
|
Date Public
2020-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
}
],
"datePublic": "2020-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T08:40:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-09-10T08:00:00.000Z",
"ID": "CVE-2020-24552",
"STATE": "PUBLIC",
"TITLE": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Atop Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-24552",
"datePublished": "2020-09-10T08:40:20.444Z",
"dateReserved": "2020-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}