Vulnerabilities > CVE-2020-16204 - Hidden Functionality vulnerability in Redlion N-Tron 702-W Firmware and N-Tron 702M12-W Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redlion

CWE-912

critical

NVD

Published: 2020-09-01

Updated: 2022-10-14

Summary

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).

Vulnerable Configurations

Part	Description	Count
OS	Redlion Redlion N Tron 702 W Firmware * Redlion N Tron 702M12 W Firmware *	2
Hardware	Redlion Redlion N Tron 702 W - Redlion N Tron 702M12 W -	2

Common Weakness Enumeration (CWE)

CWE-912 - Hidden Functionality

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
http://seclists.org/fulldisclosure/2020/Sep/6
http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html