CVE-2020-24552: Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection
First published: Thu Sep 10 2020(Updated: )
Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atoptechnology Se5901 | >=1.18<=1.40 | |
| Atop | ||
| Atoptechnology SE5901B Firmware | >=1.18<=1.40 | |
| Atoptechnology SE5901B Firmware | ||
| Atoptechnology Se5904d | >=1.18<=1.40 | |
| Atoptechnology SE5904D Firmware | ||
| Atoptechnology Se5908 | >=1.18<=1.40 | |
| Atop Technology SE5908A | ||
| Atoptechnology Se5908a | >=1.18<=1.40 | |
| Atop Technology SE5908A | ||
| Atoptechnology Se5916 | >=1.18<=1.40 | |
| Atop | ||
| Atoptechnology Se5916a | >=1.18<=1.40 | |
| Atop |
Remedy
Update Firmware series to V1.51
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-24552?
The severity of CVE-2020-24552 is critical due to the command injection vulnerability that allows attackers to execute system commands without privilege.
How do I fix CVE-2020-24552?
To fix CVE-2020-24552, update the Atop Technology devices to the latest firmware version that is higher than 1.40.
What systems are affected by CVE-2020-24552?
CVE-2020-24552 affects various Atop Technology industrial 3G/4G gateway firmware versions between 1.18 and 1.40.
What type of vulnerability is CVE-2020-24552?
CVE-2020-24552 is a command injection vulnerability resulting from insufficient input validation.
Can CVE-2020-24552 lead to unauthorized access?
Yes, CVE-2020-24552 can lead to unauthorized access and control over affected systems due to its command injection nature.
- agent/type
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atoptechnology
- canonical/atoptechnology se5901
- version/atoptechnology se5901/1.18
- version/atoptechnology se5901/1.40
- canonical/atop
- canonical/atoptechnology se5901b firmware
- version/atoptechnology se5901b firmware/1.18
- version/atoptechnology se5901b firmware/1.40
- canonical/atoptechnology se5904d
- version/atoptechnology se5904d/1.18
- version/atoptechnology se5904d/1.40
- canonical/atoptechnology se5904d firmware
- canonical/atoptechnology se5908
- version/atoptechnology se5908/1.18
- version/atoptechnology se5908/1.40
- canonical/atop technology se5908a
- canonical/atoptechnology se5908a
- version/atoptechnology se5908a/1.18
- version/atoptechnology se5908a/1.40
- canonical/atoptechnology se5916
- version/atoptechnology se5916/1.18
- version/atoptechnology se5916/1.40
- canonical/atoptechnology se5916a
- version/atoptechnology se5916a/1.18
- version/atoptechnology se5916a/1.40