CVE-2020-9474

HIGH

Siedle SG 150-0 Firmware < 1.2.4 - Download Without Integrity Check

Title source: rule

Description

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.

References (1)

[Exploit, Third Party Advisory] https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/

Scores

CVSS v3 8.8

EPSS 0.0138

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-494

Status published

Products (1)

siedle/sg_150-0_firmware < 1.2.4

Published May 07, 2020

Tracked Since Feb 18, 2026