CVE-2020-9474

EUVD-2020-30291
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
siedlesg_150-0_firmware
𝑥
< 1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/
https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/