Published: 2020/12/11  Last Updated: 2020/12/22

JVN#55917325
Multiple vulnerabilities in Aterm SA3500G

Overview

Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities.

Products Affected

  • Aterm SA3500G firmware versions prior to Ver. 3.5.9

Description

Aterm SA3500G provided by NEC Corporation contains multiple vulnerabilities listed below.

  • OS command injection (CWE-78) - CVE-2020-5635
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
  • OS command injection (CWE-78) - CVE-2020-5636
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Improper Validation of Integrity Check Value (CWE-354) - CVE-2020-5637
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2

Impact

  • If an attacker who can access the device sends a specially crafted request to a specific URL, an arbitrary command may be executed - CVE-2020-5635
  • If a user sends a specially crafted request to a specific URL while logged in to the management screen of the device, an arbitrary command may be executed - CVE-2020-5636
  • An attacker who can access the management screen of the device may execute a malicious program - CVE-2020-5637

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.

Vendor Status

Vendor          | Status     | Last Update | Vendor Notes
NEC Corporation | Vulnerable | 2020/12/22  |

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

These vulnerabilities were reported by the following persons to IPA, and JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVE-2020-5635
Shu Yoshikoshi of NetAgent Co.,Ltd. (LAC Co., Ltd.)

CVE-2020-5636 and CVE-2020-5637
Narumi Hirai of NetAgent Co.,Ltd. (LAC Co., Ltd.)

Other Information

CVE: CVE-2020-5635, CVE-2020-5636, CVE-2020-5637
JVN iPedia: JVNDB-2020-000083

Update History

2020/12/22
NEC Corporation status updated