CVE-2020-5546

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-88
View all →

Vulnerability Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows an attacker on the same network segment to stop the network functions or execute malware via a specially crafted packet.

Related Vulnerabilities

CVE-2018-20234

HIGH
CVSS:8.8(High)

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to comm...

CWE-882018

CVE-2019-11582

HIGH
CVSS:8.8(High)

An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a craft...

CWE-882019

CVE-2019-11751

HIGH
CVSS:8.8(High)

Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to...

CWE-882019

CVE-2019-13475

HIGH
CVSS:8.8(High)

In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on ...

CWE-882019

CVE-2019-15498

HIGH
CVSS:8.8(High)

cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/c...

CWE-882019

CVE-2019-3931

HIGH
CVSS:8.8(High)

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attac...

CWE-882019