Vulnerability Description
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seowonintech | Slc-130 Firmware | - |
| Seowonintech | Slc-130 | - |
| Seowonintech | Slr-120S Firmware | - |
| Seowonintech | Slr-120S | - |
| Seowonintech | Slr-120S42G Firmware | All versions |
| Seowonintech | Slr-120S42G | - |
| Seowonintech | Slr-120D42G Firmware | All versions |
| Seowonintech | Slr-120D42G | - |
| Seowonintech | Slr-120T42G Firmware | All versions |
| Seowonintech | Slr-120T42G | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-ExThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-ExThird Party AdvisoryVDB Entry
- https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-UnaExploitThird Party Advisory
- https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50821Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-ExThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-ExThird Party AdvisoryVDB Entry
- https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-UnaExploitThird Party Advisory
- https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/50821Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-17456?
CVE-2020-17456 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
How severe is CVE-2020-17456?
CVE-2020-17456 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-17456?
Check the references section above for vendor advisories and patch information. Affected products include: Seowonintech Slc-130 Firmware, Seowonintech Slc-130, Seowonintech Slr-120S Firmware, Seowonintech Slr-120S, Seowonintech Slr-120S42G Firmware.