CVE-2020-5546
HIGHMitsubishi Electric MELQIC IU1 <1.0.7 - Command Injection
Title source: llmDescription
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU92370624/index.html
Patch, Vendor Advisory x_refsource_misc
https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdf
Scores
CVSS v3
8.8
EPSS
0.0090
EPSS Percentile
54.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-88
Status
published
Products (1)
mitsubishielectric/iu1-1m20-d_firmware
< 1.0.7
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026