CVE-2020-9474
Published May 7, 2020
Last updated 5 years ago
Overview
- Description
- The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-494
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siedle:sg_150-0:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4E2A8484-6674-4D5B-AA72-EA06DBE3D97B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siedle:sg_150-0_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F33615DE-9E6E-4AB6-9E1E-7FA2DFC4693A",
"versionEndExcluding": "1.2.4"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]