CVE-2020-5637 Vulnerability Analysis & Exploit Details

CVE-2020-5637 Vulnerability Summary

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.044% (probability of exploit)

EPSS Percentile: 15.1% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 84.9% of others.

CVE-2020-5637 Detailed Information and External References

References

• https://jvn.jp/en/jp/JVN55917325/index.html
• https://jvn.jp/jp/JVN55917325/index.html
• https://www.necplatforms.co.jp/product/security_ap/info_20201211.html

CWE

CAPEC

• Checksum Spoofing CAPEC-145 An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
• Padding Oracle Crypto Attack CAPEC-463 An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
• Manipulating Writeable Configuration Files CAPEC-75 Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.

Vulnerable Configurations

• cpe:2.3:o:necplatforms:aterm_sa3500g_firmware:-:*:*:*:*:*:*:*
  cpe:2.3:o:necplatforms:aterm_sa3500g_firmware:-:*:*:*:*:*:*:*
• cpe:2.3:h:necplatforms:aterm_sa3500g:-:*:*:*:*:*:*:*
  cpe:2.3:h:necplatforms:aterm_sa3500g:-:*:*:*:*:*:*:*

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Other Recently Published CVEs

• CVE-2025-0864 – The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v...
• CVE-2025-0425 – Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to...
• CVE-2025-0424 – In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple authenticated stored cross-site scripting...
• CVE-2025-0423 – In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripti...
• CVE-2025-0422 – An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. (Remote Code Exe...
• CVE-2024-13795 – The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includi...
• CVE-2024-13704 – The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, a...
• CVE-2024-13575 – The Web Stories Enhancer – Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_storie...
• CVE-2024-13465 – The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Table Of Content" Block, specif...
• CVE-2024-11895 – The Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shor...