Main Vulnerability Database Vulnerabilities #VU25449

OS Command Injection in Aterm WG2600HS - CVE-2020-5534

Published: February 19, 2020

Vulnerability identifier: #VU25449

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-5534

CWE-ID: CWE-78

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: NEC Corporation

Affected software:
Aterm WG2600HS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user on the local network who can login to the HTTP service of the device may execute an arbitrary OS command with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2020-5534

Install updates from vendor's website.

Sources

https://jvn.jp/en/jp/JVN49410695/index.html
https://jpn.nec.com/security-info/secinfo/nv20-003.html

OS Command Injection in Aterm WG2600HS - CVE-2020-5534

Detailed vulnerability description

How to mitigate CVE-2020-5534

Sources

Please verify you're human