CVE-2020-16204

CRITICAL

N-Tron 702-W/702M12-W - Command Injection

Title source: llm

Description

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).

References (3)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Sep/6

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html

Scores

CVSS v3 9.8

EPSS 0.0324

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-912

Status published

Products (2)

redlion/n-tron_702-w_firmware

redlion/n-tron_702m12-w_firmware

Published Sep 01, 2020

Tracked Since Feb 18, 2026