PT-2020-18603 · Aterm · Aterm Sa3500G

Narumi Hirai

Published

2020-12-14

Updated

2020-12-15

CVE-2020-5636

CVSS v3.1

6.8

Medium

Vector

AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Aterm SA3500G firmware versions prior to Ver. 3.5.9

Description The issue allows an attacker with administrative privilege to send a specially crafted request to a specific URL, which may result in arbitrary command execution.

Recommendations For Aterm SA3500G firmware versions prior to Ver. 3.5.9, update to Ver. 3.5.9 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-5636

Affected Products

Aterm Sa3500G

PT-2020-18603 · Aterm · Aterm Sa3500G

CVE-2020-5636

Weakness Enumeration

Related Identifiers

Affected Products

References · 5