CVE-2020-5546 Vulnerability Details

  /     /     /  

CVE-2020-5546 Metadata Quick Info

CVE Published: 16/03/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: jpcert | Vendor: Mitsubishi Electric Corporation | Product: Mitsubishi Electric MELQIC IU1 series
Status : PUBLISHED

---

CVE-2020-5546 Description

Improper Neutralization of Argument Delimiters in a Command (\'Argument Injection\') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Neutralization of Argument Delimiters in a Command ( Argument Injection )
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).