CVE-2020-12504

Published: 15/10/2020 Updated: 16/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

Vulnerable Product

pepperl-fuchs es7510-xt_firmware

pepperl-fuchs es8509-xt_firmware

pepperl-fuchs es8510-xt_firmware

pepperl-fuchs es9528-xtv2_firmware

pepperl-fuchs es7506_firmware

pepperl-fuchs es7510_firmware

pepperl-fuchs es7528_firmware

pepperl-fuchs es8508_firmware

pepperl-fuchs es8508f_firmware

pepperl-fuchs es8510_firmware

pepperl-fuchs es8510-xte_firmware

pepperl-fuchs es9528_firmware

pepperl-fuchs es9528-xt_firmware

pepperl-fuchs icrl-m-8rj45\\/4sfp-g-din_firmware

pepperl-fuchs icrl-m-16rj45\\/4cp-g-din_firmware

korenix jetwave_2212s_firmware 1.5

korenix jetwave_2212g_firmware 1.4

korenix jetwave_2311_firmware 1.2

korenix jetwave_3220_firmware 1.2

korenix jetwave_3420_firmware 1.1.3t

korenix jetwave_2212x_firmware 1.5

korenix jetwave_5428g-20sfp_firmware 1.0

korenix jetwave_5810g_firmware 1.1

korenix jetwave_5310_firmware 1.5

korenix jetwave_5010_firmware 3.1a

korenix jetwave_4706f_firmware 2.3b

korenix jetwave_4706_firmware 2.3b

korenix jetwave_4510_firmware 3.0b

westermo pmi-110-f2g_firmware 1.5

Exploits

Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 609 ...
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp action vulnerabilities ...

Mailing Lists

Full Disclosure mailing list archives: SEC Consult SA-20220131-0 :: Multiple Critical Vulnerabilities in Korenix Technology JetWave products ...