CVE-2020-7506

Name of the Vulnerable Software and Affected Versions Easergy T300 versions 1.5.2 and prior

Description A vulnerability exists that could allow an attacker to expose information about files and directories in the firmware of the controller and modules. This could potentially allow an attacker to reveal protected information about files and directories, as well as make changes to files. The issue is related to the use of the usual tar archiver to pack or unpack the archive with the firmware.

Recommendations For versions 1.5.2 and prior, consider restricting access to the firmware and its components to minimize the risk of exploitation. As a temporary workaround, avoid using the tar archiver to pack or unpack the firmware archive until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.