Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 5.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N | 1.2 | 4.2 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| atoptechnology | se5908a_firmware | * |
| atoptechnology | se5901_firmware | * |
| atoptechnology | se5901b_firmware | * |
| atoptechnology | se5916_firmware | * |
| atoptechnology | se5916a_firmware | * |
| atoptechnology | se5904d_firmware | * |
| atoptechnology | se5908_firmware | * |