CVE-2020-16204
Published: 2020-09-01
Priority: P266 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.49% (91.8th percentile)
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n-tron_702-w | 702m12-w | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-16204 exploits an undocumented (hidden/backdoor) interface on the N-Tron 702-W / 702M12-W device that allows unauthenticated remote root command execution — detect unexpected or anomalous management-plane connections to these devices, especially those not originating from known admin hosts
- The vulnerability is network-exploitable with no authentication and no user interaction required (CVSS AV:N/AC:L/PR:N/UI:N) — any inbound network traffic targeting the device's undocumented interface from untrusted networks should be treated as suspicious
- No known public exploits specifically target this vulnerability at time of advisory publication, limiting concrete IOC availability
- The undocumented interface is not described in detail in public sources — the exact port, protocol, or path used by the backdoor is not disclosed, preventing precise network-level signature creation
CVSS provenance
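| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |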
GHSA
GHSA-j6rh-h9wc-gh7j · ghsa_unreviewed · 2022-05-24
CVE-2020-16204 [HIGH] CWE-912
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
CISA ICS
Red Lion N-Tron 702-W, 702M12-W
cisa_ics · 2020-08-27 · CVSS 9.0
[CRITICAL] Red Lion N-Tron 702-W, 702M12-W
ICS Advisory
## Red Lion N-Tron 702-W, 702M12-W
Last Revised: August 27, 2020
Alert Code: ICSA-20-240-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Red Lion
- Equipment: N-Tron 702-W / 702M12-W
- Vulnerabilities: Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, Use of Unmaintained Third-Party Components
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system co
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
- http://seclists.org/fulldisclosure/2020/Sep/6
- https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01