CVE-2020-10176

CRITICAL

ASSA ABLOY Yale WIPC-301W 2.x.2.29-2.x.2.43_p1 - Remote Code Execution via Eval Injection

Title source: llm
STIX 2.1

Description

ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0227
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (2)
assaabloy/yale_wipc-301w_firmware 2.x.2.43 (2 CPE variants)
assaabloy/yale_wipc-301w_firmware 2.x.2.29 - 2.x.2.43
Published May 07, 2020
Tracked Since Feb 18, 2026