CVE-2020-5636OS Command Injection in Aterm Sa3500g Firmware

CWE-78OS Command Injection3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.2%
top 52.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Necplatforms Aterm Sa3500g FirmwareNEC Corporation Aterm Sa3500g
Timeline
PublishedDec 14
Latest updateMay 24

Description

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5nec_corporation/aterm_sa3500gfirmware versions prior to Ver. 3.5.9

🔴Vulnerability Details

2
GHSA
GHSA-3rqh-g6r9-mr2r: Aterm SA3500G firmware versions prior to Ver2022-05-24
CVEList
CVE-2020-5636: Aterm SA3500G firmware versions prior to Ver2020-12-14
CVE-2020-5636 — OS Command Injection | cvebase