Iu1 1M20 D Firmware
CVE-2020-5546
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.
AnalysisAI
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-88. Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet. Affected products include: Mitsubishielectric Iu1-1M20-D Firmware. Version information: version 1.0.7.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Iu1 1M20 D Firmware
View allMultiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, whic
Resource Management Errors vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 seri
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and ear
Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series
TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and ear
Buffer error vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today