CVE-2020-19417
CVE-2020-19417 is a high-severity vulnerability in Emerson Wireless 1420 Gateway Firmware with a CVSS 3.x base score of 8.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 8.8)
- CVSS v2: 9.0
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Emerson Wireless 1420 Gateway Firmware
- Published:
- Last modified:
Description
Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
Frequently asked questions
- What is CVE-2020-19417?
- Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application.
- How severe is CVE-2020-19417?
- CVE-2020-19417 has a CVSS 3.x base score of 8.8, rated high severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2020-19417 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-19417?
- CVE-2020-19417 affects Emerson Wireless 1420 Gateway Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2020-19417?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2020-19417 published?
- CVE-2020-19417 was published on 2021-03-10 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:emerson:wireless_1420_gateway_firmware:4.6.59:*:*:*:*:*:*:*
More vulnerabilities in Emerson Wireless 1420 Gateway Firmware
- CVE-2020-12030 — Critical (CVSS 10.0): There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled.…
- CVE-2021-42542 — High (CVSS 8.0): The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
- CVE-2021-42540 — High (CVSS 8.0): The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can…
- CVE-2021-42539 — High (CVSS 8.0): The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to…
- CVE-2021-42538 — High (CVSS 8.0): The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply…
- CVE-2021-42536 — High (CVSS 8.0): The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read…