CVE-2020-5546

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mitsubishielectric:iu1-1m20-d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mitsubishielectric:iu1-1m20-d:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:34

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU92370624/index.html - Third Party Advisory () https://jvn.jp/en/vu/JVNVU92370624/index.html - Third Party Advisory
References () https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf - Patch, Vendor Advisory () https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf - Patch, Vendor Advisory

Information

Published : 2020-03-16 02:15

Updated : 2024-11-21 05:34


NVD link : CVE-2020-5546

Mitre link : CVE-2020-5546

CVE.ORG link : CVE-2020-5546


JSON object : View

Products Affected

mitsubishielectric

  • iu1-1m20-d
  • iu1-1m20-d_firmware
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')