Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2020-12500

Published: 15/10/2020 Updated: 29/04/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Es7510-xt Firmware

Vulnerability Summary

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) allows unauthenticated device administration.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

pepperl-fuchs es7510-xt_firmware

pepperl-fuchs es8509-xt_firmware

pepperl-fuchs es8510-xt_firmware

pepperl-fuchs es9528-xtv2_firmware

pepperl-fuchs es7506_firmware

pepperl-fuchs es7510_firmware

pepperl-fuchs es7528_firmware

pepperl-fuchs es8508_firmware

pepperl-fuchs es8508f_firmware

pepperl-fuchs es8510_firmware

pepperl-fuchs es8510-xte_firmware

pepperl-fuchs es9528_firmware

pepperl-fuchs es9528-xt_firmware

Exploits

Exploit DB: Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 609 ...
Exploit DB: Korenix Technology JetWave CSRF / Command Injection / Missing Authentication
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities ...

Mailing Lists

Full Disclosure: SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products <!--X-Subject-He ...

References

CWE-306https://cert.vde.com/de-de/advisories/vde-2020-040http://seclists.org/fulldisclosure/2021/Jun/0http://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.htmlhttps://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-korenix-technology-westermo-pepperl-fuchs/http://packetstormsecurity.com/files/165875/Korenix-Technology-JetWave-CSRF-Command-Injection-Missing-Authentication.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/162903/Korenix-CSRF-Backdoor-Accounts-Command-Injection-Missing-Authentication.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook