TVN ID | TVN-202008002 |
---|---|
CVE ID | CVE-2020-24552 |
CVSS | 5.5(Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
Affected Products | 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway series SE5901 , SE5901B, SE5904D, SE5908, SE5908A, SE5916, SE5916A Firmware v1.18~v1.40 |
Description | Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. |
Solution | Update Firmware series to V1.51 |
Credit | Dio Lin (CHT)/ Iok-Jin Sih (CHT)/ Po-Chin, Chan (CHT) |
Public Date | 2020-09-10 |