CVE-2020-24552

Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection

Description

Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.

Remediation

Solution:

Update Firmware series to V1.51

References

Link	Tags
https://www.twcert.org.tw/tw/cp-132-3956-608f1-1.html	third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-24552?: CVE-2020-24552 has been scored as a medium severity vulnerability.
How to fix CVE-2020-24552?: To fix CVE-2020-24552: Update Firmware series to V1.51
Is CVE-2020-24552 being actively exploited in the wild?: It is possible that CVE-2020-24552 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-24552?: CVE-2020-24552 affects Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5901B, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5904D, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5908A, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916, Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway SE5916A.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions