MidnightBSD

Advisories for atoptechnology

CVE-2020-24552 HIGH

Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N 1.2 4.2
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
atoptechnology se5908a_firmware *
atoptechnology se5901_firmware *
atoptechnology se5901b_firmware *
atoptechnology se5916_firmware *
atoptechnology se5916a_firmware *
atoptechnology se5904d_firmware *
atoptechnology se5908_firmware *