CVE-2020-5635

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Necplatforms Aterm Sa3500g FirmwareNEC Corporation Aterm Sa3500g
Timeline
PublishedDec 14
Latest updateMay 24

Description

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5nec_corporation/aterm_sa3500gfirmware versions prior to Ver. 3.5.9

🔴Vulnerability Details

2
GHSA
GHSA-fxv5-3xrg-jgx5: Aterm SA3500G firmware versions prior to Ver2022-05-24
CVEList
CVE-2020-5635: Aterm SA3500G firmware versions prior to Ver2020-12-14
CVE-2020-5635 (HIGH CVSS 8.8) | Aterm SA3500G firmware versions pri | cvebase.io