10

CVE-2020-16204

Exploit
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.49% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

http://seclists.org/fulldisclosure/2020/Sep/6
Third Party Advisory
Mailing List
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
Third Party Advisory
US Government Resource
http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
Third Party Advisory
Exploit
VDB Entry