PT-2020-15003 · Seowon Intech · Slc-130+1
Aryan Chehreghani
·
Published
2020-08-19
·
Updated
2022-04-22
·
CVE-2020-17456
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SEOWON INTECH SLC-130 and SLR-120S devices (affected versions not specified)
Description
The issue allows for Remote Code Execution via the
ipAddr parameter to the "system log.cgi" page. This enables an attacker to execute arbitrary code on the affected devices.Recommendations
For SEOWON INTECH SLC-130 and SLR-120S devices, avoid using the
ipAddr parameter in the "system log.cgi" page until a fix is available. As a temporary workaround, consider restricting access to the "system log.cgi" page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slc-130
Slr-120S