First published: Fri Nov 06 2020(Updated: )
NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Coreos | <=05.65.00.bd | |
Mitsubishielectric Gt1450-qlbde | ||
Mitsubishielectric Gt1450-qmbde | ||
Mitsubishielectric Gt1450hs-qmbde | ||
Mitsubishielectric Gt1455-qtbde | ||
Mitsubishielectric Gt1455hs-qtbde |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-5646.
The severity rating of CVE-2020-5646 is high, with a severity value of 7.5.
The firmware versions GT1455-QTBDE CoreOS 05.65.00.BD and earlier, GT1450-QMBDE CoreOS 05.65.00.BD and earlier, GT1450-QLBDE CoreOS 05.65.00.BD and earlier, GT1455HS-QTBDE are affected.
To fix CVE-2020-5646, you should apply the necessary firmware updates provided by Mitsubishi Electric.
You can find more information about CVE-2020-5646 on the official websites of JVN (Japan Vulnerability Notes), US-CERT (United States Computer Emergency Readiness Team), and Mitsubishi Electric.