CVE-2020-24552 (GCVE-0-2020-24552)
Vulnerability from cvelistv5 – Published: 2020-09-10 08:40 – Updated: 2024-09-16 18:18
VLAI
Title
Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
Summary
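Atop Technology industrial 3G/4G gateway contains a Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. Note that the CVSS vector published with this record rates Privileges Required as High, so "without privilege" is ambiguous here and should not be assumed to mean unauthenticated access.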
Severity
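5.5 (Medium) — CVSS 3.1 base score from the assigning CNA (twcert), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N. The NVD assessment embedded in the JSON below scores the same issue 7.2 (High), vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; the difference is in the integrity and availability impact ratings.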
CWE
- CWE-78 - OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 | Affected: 1.18 , ≤ 1.4 (custom) | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B | Affected: 1.18 , ≤ 1.4 (custom) | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D | Affected: 1.18 , ≤ 1.4 (custom) | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 | Affected: 1.18 1.4 | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A | Affected: 1.18 1.4 | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 | Affected: 1.18 1.4 | |
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A | Affected: 1.18 1.4 | |

Note: for the last four products the record stores the affected version as the single string "1.18 1.4" rather than as a range. The NVD configuration data embedded in the JSON below lists firmware 1.18 through 1.40 (inclusive) as vulnerable for all seven models, and the record's solution field reads "Update Firmware series to V1.51".
Date Public
2020-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
}
],
"datePublic": "2020-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T08:40:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-09-10T08:00:00.000Z",
"ID": "CVE-2020-24552",
"STATE": "PUBLIC",
"TITLE": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Atop Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-24552",
"datePublished": "2020-09-10T08:40:20.444Z",
"dateReserved": "2020-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-24552",
"date": "2026-06-04",
"epss": "0.01651",
"percentile": "0.82353"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-24552\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2020-09-10T09:15:12.097\",\"lastModified\":\"2024-11-21T05:14:58.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege.\"},{\"lang\":\"es\",\"value\":\"Una puerta de enlace industrial 3G/4G de Atop Technology contiene una vulnerabilidad de Inyecci\u00f3n de Comando. Debido a una comprobaci\u00f3n de entrada insuficiente, la interfaz de administraci\u00f3n web del dispositivo permite a atacantes inyectar c\u00f3digo espec\u00edfico y ejecutar comandos del sistema sin privilegios\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vect
orString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5901_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"C5918207-0E49-459D-8B9D-C0DC044DE48F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5901:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79C9A6A-E292-403E-AE7C-8585BF9DF9BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5901b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"E196C85A-DD61-4AD3-9B3A-606ECD790272\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5901b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F005E3ED-A937-4E22-B7E5-A19D75BFF19E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5904d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"vers
ionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"04A2905F-6CB6-4034-91D4-31C35B818D6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5904d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"993B0A78-9EF4-4CE3-97BE-83A8E5268DB9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5908_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"FD9F05F1-E912-4886-9FE8-B41D7B2D9329\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5908:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0A57F74-32C6-45E0-BFE0-27B3FE96AA80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5908a_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"9465E477-471B-4AD5-B997-5A767E87EF93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5908a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDA1AE5-5098-4B1F-B4FD-29F9935DF6E9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se5916_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"EE19B5D8-FBCD-4EAE-9A6B-B50E2742146C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5916:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61C8BC8B-F1F8-4A96-85AB-820101AA570A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:atoptechnology:se59
16a_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18\",\"versionEndIncluding\":\"1.40\",\"matchCriteriaId\":\"4E2EBD60-4323-4AAB-ABBA-DC4BCD717294\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:atoptechnology:se5916a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D66FC6D-D307-4BA0-9807-D16C67203053\"}]}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.