Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by Atop Technology
CVE-2020-24552 (GCVE-0-2020-24552)
Vulnerability from cvelistv5 – Published: 2020-09-10 08:40 – Updated: 2024-09-16 18:18
VLAI
Title
Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
Summary
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
Severity
5.5 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901 |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D |
Affected:
1.18 , ≤ 1.4
(custom)
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916 |
Affected:
1.18 1.4
|
|
| Atop Technology | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A |
Affected:
1.18 1.4
|
Date Public
2020-09-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:09.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"vendor": "Atop Technology",
"versions": [
{
"lessThanOrEqual": "1.4",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
},
{
"product": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"vendor": "Atop Technology",
"versions": [
{
"status": "affected",
"version": "1.18 1.4"
}
]
}
],
"datePublic": "2020-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-10T08:40:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-09-10T08:00:00.000Z",
"ID": "CVE-2020-24552",
"STATE": "PUBLIC",
"TITLE": "Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
},
{
"product_name": "3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A",
"version": {
"version_data": [
{
"version_name": "1.18",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "Atop Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device\u0027s web management interface allows attackers to inject specific code and execute system commands without privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Firmware series to V1.51"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-24552",
"datePublished": "2020-09-10T08:40:20.444Z",
"dateReserved": "2020-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:18:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}