CVE-2020-9473

EUVD-2020-30290
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
siedlesg_150-0_firmware
𝑥
< 1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/