CVE-2020-17456 - OpenCVE

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Seowonintech	Slc-130 Firmware Slr-120s Firmware Slr-120t42g Slr-120s42g Firmware Slc-130 Slr-120d42g Firmware Slr-120d42g Slr-120s42g Slr-120s Slr-120t42g Firmware

Configuration 1 [-]

AND

cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:seowonintech:slc-130:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:seowonintech:slr-120s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:seowonintech:slr-120s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:seowonintech:slr-120s42g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:seowonintech:slr-120s42g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:seowonintech:slr-120d42g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:seowonintech:slr-120d42g:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:seowonintech:slr-120t42g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:seowonintech:slr-120t42g:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html	Third Party Advisory VDB Entry
https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated	Exploit Third Party Advisory
https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/50821	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-19T18:20:46

Updated: 2022-03-11T21:36:53

Reserved: 2020-08-09T00:00:00

Link: CVE-2020-17456

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-20T01:17:13.993

Modified: 2022-04-22T16:02:31.303

Link: CVE-2020-17456

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-11T21:36:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/50821"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-17456", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/", "refsource": "MISC", "url": "https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/"}, {"name": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html"}, {"name": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html"}, {"name": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated", "refsource": "MISC", "url": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated"}, {"name": "https://www.exploit-db.com/exploits/50821", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/50821"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-17456", "datePublished": "2020-08-19T18:20:46", "dateReserved": "2020-08-09T00:00:00", "dateUpdated": "2022-03-11T21:36:53", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "466E26CB-1416-4127-9D34-76CD022956F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:seowonintech:slc-130:-:*:*:*:*:*:*:*", "matchCriteriaId": "D884694A-844E-4DBE-AE05-7F684BBA087B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:seowonintech:slr-120s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32228E42-6BAF-4F9D-925D-697CB3E0E1F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:seowonintech:slr-120s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F3114F7-807C-4C9C-9F1A-E97A84B0F709", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:seowonintech:slr-120s42g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF33FAF6-4254-4ED7-84DB-2703EC59268D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:seowonintech:slr-120s42g:-:*:*:*:*:*:*:*", "matchCriteriaId": "B995A314-6B5F-4B5B-B66A-38256E23F71A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:seowonintech:slr-120d42g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A12077DD-C8C9-40DC-A66B-7F097272CAE3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:seowonintech:slr-120d42g:-:*:*:*:*:*:*:*", "matchCriteriaId": "53D44578-A84F-49A9-9F19-FC5F0BC9919D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:seowonintech:slr-120t42g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3FA61255-0FA1-45AF-92B0-C0522F425E63", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:seowonintech:slr-120t42g:-:*:*:*:*:*:*:*", "matchCriteriaId": "33C989C2-03FA-4881-9E6B-68B8E1BE7B54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page."}, {"lang": "es", "value": "Los dispositivos SEOWON INTECH versiones SLC-130 y SLR-120S, permiten una ejecuci\u00f3n de c\u00f3digo remota por medio del par\u00e1metro ipAddr en la p\u00e1gina system_log.cgi."}], "id": "CVE-2020-17456", "lastModified": "2022-04-22T16:02:31.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-20T01:17:13.993", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/50821"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}