Vulnerabilities > CVE-2020-5544 - NULL Pointer Dereference vulnerability in Mitsubishielectric Iu1-1M20-D Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mitsubishielectric

CWE-476

NVD

Published: 2020-03-16

Updated: 2020-03-19

Summary

Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Mitsubishielectric Mitsubishielectric IU1 1M20 D Firmware *	1
Hardware	Mitsubishielectric Mitsubishielectric IU1 1M20 D -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://jvn.jp/en/vu/JVNVU92370624/index.html
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf