CVE-2020-16206
Published 2020-09-01
CVE-2020-16206: The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive…
Priority P344, critical 9 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 3.23% (86.7th percentile)
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n-tron_702-w | 702m12-w | — | — |
CVSS provenance
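| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |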
CISA ICS
Red Lion N-Tron 702-W, 702M12-W
cisa_ics·2020-08-27·CVSS 9.0
[CRITICAL] Red Lion N-Tron 702-W, 702M12-W
ICS Advisory
## Red Lion N-Tron 702-W, 702M12-W
Last Revised: August 27, 2020
Alert Code: ICSA-20-240-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Red Lion
- Equipment: N-Tron 702-W / 702M12-W
- Vulnerabilities: Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, Use of Unmaintained Third-Party Components
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system co
GHSA
GHSA-422c-j857-w7c6: The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to se
ghsa_unreviewed·2022-05-24
CVE-2020-16206 [LOW] CWE-79 GHSA-422c-j857-w7c6: The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to se
The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
- http://seclists.org/fulldisclosure/2020/Sep/6
- https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
Published: 2020-09-01