go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection

TVN ID TVN-202008002
CVE ID CVE-2020-24552
CVSS 5.5(Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Affected Products 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway series SE5901 , SE5901B, SE5904D, SE5908, SE5908A, SE5916, SE5916A Firmware v1.18~v1.40
Description Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
Solution Update Firmware series to V1.51
Credit Dio Lin (CHT)/ Iok-Jin Sih (CHT)/ Po-Chin, Chan (CHT)
Public Date 2020-09-10
Top