CVE-2020-9473

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
siedlesg_150-0_firmware
𝑥
< 1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/