Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@usom.gov.tr | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bg-tek | coslat_rm2s200_firmware | * |
| bg-tek | coslat_bx5s1d4_firmware | * |
| bg-tek | coslat_rm1ds1000_firmware | * |
| bg-tek | coslat_rm3s300_firmware | * |
| bg-tek | coslat_bx5s1d3_firmware | * |
| bg-tek | coslat_rm4s500_firmware | * |
| bg-tek | coslat_bx5s1d5_firmware | * |
| bg-tek | coslat_rm2ds2000_firmware | * |
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation.This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not supported.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bg-tek | coslat | * |