CVE-2020-7504

CWE-20Improper Input Validation3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 40.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Easergy T300 Firmware
Timeline
PublishedJun 16
Latest updateMay 24

Description

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5easergy_t300_(firmware_version_1.5.2_and_older)Easergy T300 (Firmware version 1.5.2 and older)

🔴Vulnerability Details

2
GHSA
GHSA-8393-8q55-5f3r: A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 12022-05-24
CVEList
CVE-2020-7504: A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 12020-06-16
CVE-2020-7504 (MEDIUM CVSS 5.3) | A CWE-20: Improper Input Validation | cvebase.io