Lucene search

[email protected]CVE-2020-9474

HistoryMay 07, 2020 - 9:15 p.m.

CVE-2020-9474

2020-05-0721:15:11

CWE-494

[email protected]

web.nvd.nist.gov

cve-2020-9474

s. siedle & soehne

sg 150-0 smart gateway

remote code execution

web frontend

exploit chain

network security

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.

Affected configurations

NVD

Node

siedlesg_150-0Match-

AND

siedlesg_150-0_firmwareRange<1.2.4

CPENameOperatorVersion
siedle:sg_150-0_firmwaresiedle sg 150-0 firmwarelt1.2.4

CPE	Name	Operator	Version
siedle:sg_150-0_firmware	siedle sg 150-0 firmware	lt	1.2.4

References

research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2020-9474

prion1 nvd1 cvelist1