CVE-2019-14920
First published: Thu Jan 09 2020(Updated: )
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Billion Sg600 R2 Firmware | =3.02-rc6 | |
| Billion Sg600 R2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-14920?
CVE-2019-14920 is a vulnerability in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 that allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
How severe is CVE-2019-14920?
CVE-2019-14920 has a severity rating of 8.8, which is considered critical.
Which software is affected by CVE-2019-14920?
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 is affected by CVE-2019-14920.
How can an attacker exploit CVE-2019-14920?
An authenticated attacker can exploit CVE-2019-14920 by using the hidden system_command.asp shell feature to gain root execution privileges over the device.
Is Billion Smart Energy Router SG600R2 vulnerable?
Yes, Billion Smart Energy Router SG600R2 with Firmware v3.02.rc6 is vulnerable to CVE-2019-14920.
- collector/nvd-index
- agent/tags
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/billion
- canonical/billion sg600 r2 firmware
- version/billion sg600 r2 firmware/3.02-rc6
- canonical/billion sg600 r2