CVE-2020-5330

HIGH

Dell R1-2210 Firmware < 3.0.1.2 - Information Disclosure

Title source: rule

Description

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.

Exploits (1)

exploitdb WORKING POC

by Ken Pyle · pythonremotehardware

https://www.exploit-db.com/exploits/51248

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/171723/Cisco-Dell-Netgear-Information-Disclosure-Hash-Decrypter.html

[Vendor Advisory] https://www.dell.com/support/article/en-us/sln320366/dsa-2020-042-dell-emc-networking-security-update-for-an-information-disclosure-vulnerability?lang=en

Scores

CVSS v3 8.1

EPSS 0.1721

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (5)

dell/pc5500_firmware < 4.1.0.22

dell/r1-2210_firmware < 3.0.1.2

dell/r1-2401_firmware < 3.0.1.2

dell/x1000_firmware < 2.0.0.77

dell/x4012_firmware < 2.0.0.77

Published Apr 10, 2020

Tracked Since Feb 18, 2026