CVE-2018-6020
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
40.1%
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| silextechnology | sd-320an_firmware | * | cpe:2.3:o:silextechnology:sd-320an_firmware:*:*:*:*:*:*:*:* |
| silextechnology | sd-320an | - | cpe:2.3:h:silextechnology:sd-320an:-:*:*:*:*:*:*:* |
| silextechnology | geh-sd-320an_firmware | * | cpe:2.3:o:silextechnology:geh-sd-320an_firmware:*:*:*:*:*:*:*:* |
| silextechnology | geh-sd-320an | - | cpe:2.3:h:silextechnology:geh-sd-320an:-:*:*:*:*:*:*:* |
| silextechnology | geh-500_firmware | * | cpe:2.3:o:silextechnology:geh-500_firmware:*:*:*:*:*:*:*:* |
| silextechnology | geh-500 | - | cpe:2.3:h:silextechnology:geh-500:-:*:*:*:*:*:*:* |
| silextechnology | sx-500_firmware | - | cpe:2.3:o:silextechnology:sx-500_firmware:-:*:*:*:*:*:*:* |
| silextechnology | sx-500 | - | cpe:2.3:h:silextechnology:sx-500:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
40.1%