CVE-2020-5534

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.0HIGH

EPSS

0.2%

top 54.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wg2600hs Firmware NEC Corporation Aterm Wg2600hs

Timeline

PublishedFeb 21

Latest updateMay 24

Description

Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶NVDnec/aterm_wg2600hs_firmware1.3.2

▶CVEListV5nec_corporation/aterm_wg2600hsfirmware Ver1.3.2 and earlier

🔴Vulnerability Details

GHSA

GHSA-47fx-mr2m-65rq: Aterm WG2600HS firmware Ver1↗2022-05-24

▶

CVEList

CVE-2020-5534: Aterm WG2600HS firmware Ver1↗2020-02-21

▶