S. Siedle & Soehne SG 150-0 Smart Gateway Competitive Conditions Issue Vulnerability

S.Siedle & Soehne SG 150-0 Smart Gateway is a home smart gateway product from S.Siedle & Soehne, Germany. A security vulnerability exists in the S.Siedle & Soehne SG 150-0 Smart Gateway versions prior to 1.2.4. The vulnerability can be exploited by an attacker to gain root access to the gateway...

CVE-2020-9474

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

CVE-2020-9475

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

Race condition

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

Remote code execution

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

CVE-2020-9475

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

CVE-2020-9475

The S. Siedle & Soehne SG 150-0 Smart Gateway (versions before 1.2.4) is affected by a local privilege escalation due to a race condition in logrotate. An attacker with network access can chain exploits to gain root access on the gateway. The issue is documented across multiple sources (e.g., CVE...

CVE-2020-9474

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

CVE-2020-9474

The SG 150-0 Smart Gateway from S.Siedle & Soehne is affected prior to version 1.2.4. A remote code execution exists via the backup function in the web frontend, and an attacker with network access can escalate to root on the gateway. Remediation: upgrade to version 1.2.4 or later (as cited in CN...

CVE-2020-9473

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

Design/Logic Flaw

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

CVE-2020-9473

CVE-2020-9473 affects the S. Siedle & Soehne SG 150-0 Smart Gateway older than 1.2.4. It documents a passwordless ftp/SSH user, allowing an attacker with network access to chain exploits and achieve root access on the gateway. CVSS metrics from the sources indicate high impact (I/H, A/H) with net...

CVE-2020-9473

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

SSH Brute Force Logins With Default Credentials Reporting

It was possible to login into the remote SSH server using default credentials. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...