CVE-2020-7548

CRITICAL

Smartlink PowerTag Wiser Series Gateways - Info Disclosure

Title source: llm
STIX 2.1

Description

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.se.com/ww/en/download/document/SEVD-2020-287-03/

Scores

CVSS v3 9.8
EPSS 0.0141
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-330
Status published
Products (7)
schneider-electric/acti9_powertag_link_firmware < 001.008.007
schneider-electric/acti9_powertag_link_hd_firmware < 001.008.007
schneider-electric/acti9_smartlink_el_b_firmware < 1.2.1
schneider-electric/acti9_smartlink_si_b_firmware < 002.004.002
schneider-electric/acti9_smartlink_si_d_firmware < 002.004.002
schneider-electric/wiser_energy_firmware < 1.5.0
schneider-electric/wiser_link_firmware < 1.5.0
Published Dec 01, 2020
Tracked Since Feb 18, 2026