CVE-2020-28993

7.5 HIGH

📋 TL;DR

CVE-2020-28993 is a directory traversal vulnerability in the ATX miniCMTS200a Broadband Gateway and ATX Pico CMTS that lets an unauthenticated attacker retrieve administrator credentials by sending a crafted POST request to the web management interface. It affects organizations running these ATX devices for broadband services. Because the disclosed credentials belong to the management interface, successful exploitation is equivalent to administrative access to the gateway.

💻 Affected Systems

Products:
  • ATX miniCMTS200a Broadband Gateway
  • ATX Pico CMTS
Versions: through 2.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Any device whose web management interface the attacker can reach is exploitable. No credentials or user interaction are needed, only network access to that interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the broadband gateway allowing attackers to reconfigure network settings, intercept traffic, deploy malware, or use the device as an attack pivot point into the internal network.

🟠

Likely Case

Attackers gain administrative credentials and take control of the gateway to monitor or manipulate network traffic, potentially leading to data interception or service disruption.

🟢

If Mitigated

With the management interface unreachable from untrusted networks, attackers cannot send the malicious POST request at all. If credentials were exposed before the mitigation was in place, immediate rotation limits what a captured copy is worth.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (EDB-ID 49124). The attack is a single unauthenticated HTTP request, requires minimal technical skill, and is trivially scripted for mass scanning.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

No patched firmware version or vendor advisory is publicly documented. Contact ATX support for firmware updates or replacement options, and treat the device as vulnerable until ATX confirms a fixed release.

🔧 Temporary Workarounds

Network Segmentation (all affected models)

Isolate affected devices on a dedicated management network and restrict access to the web management interface to known administrative hosts.

Access Control Lists (all affected models)

Implement firewall rules that permit traffic to the device management interface only from the administrative network and deny it from customer-facing and internet-facing segments.

🧯 If You Can't Patch

  • Change all administrator credentials and enforce a strong password policy, but note that rotation alone is not a fix: while the interface remains reachable, the new credentials can be retrieved the same way. Pair rotation with the access restrictions above.
  • Monitor HTTP traffic to affected devices for POST requests whose paths contain traversal sequences (../ and its URL-encoded variants) and for administrative logins from unexpected source addresses.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. If version is 2.0 or earlier, device is vulnerable.

Check Version:

Check via web interface at http://[device-ip]/status or consult device documentation

Verify Fix Applied:

Confirm the firmware version is one that ATX has confirmed as fixed (no fixed version is publicly documented at the time of writing), or, in a lab environment rather than production, replay the public PoC against the device and confirm it no longer returns credentials.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to the web management interface whose path contains a traversal sequence (../, ..\, or percent-encoded forms such as %2e%2e%2f), especially ones answered with HTTP 200
  • Administrative logins from a source address with no prior session and no failed attempts, shortly after such a POST from the same address (the attacker has the credentials and does not need to guess)

Network Indicators:

  • HTTP POST traffic to the device from customer-facing or internet-facing segments rather than the management network
  • Unusually large responses to POST requests, or responses carrying configuration or credential file content

SIEM Query:

http_method=POST AND (uri="*../*" OR uri="*..\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e/*" OR uri="*..%2f*")

The query is pseudo-syntax; adapt it to your SIEM. Matching on uri="*admin*" or uri="*credentials*" alone produces noise from legitimate management traffic, so anchor the rule on traversal sequences (including encoded forms) and scope it to the addresses of the affected gateways.
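The following is an added example of the detection logic described above (covering both the monitoring bullet under "If You Can't Patch" and this section), not code from the original page or from ATX. It assumes combined-format HTTP access logs from a reverse proxy or firewall placed in front of the gateway, since the device's own logging is not documented here, and the sample lines and request paths are constructed for illustration rather than the actual CVE-2020-28993 payload. The point it makes beyond the SIEM query is that traversal must be checked on the decoded path, because a literal `../` match misses percent-encoded and double-encoded variants.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). These are NOT
# captured from an ATX device, and the request paths are generic traversal
# patterns, not the CVE-2020-28993 payload.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Nov/2020:12:01:03 +0000] "POST /cgi-bin/../../etc/passwd HTTP/1.1" 200 512 "-" "python-requests/2.24"',
    '203.0.113.7 - - [10/Nov/2020:12:01:04 +0000] "POST /cgi-bin/%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 640 "-" "python-requests/2.24"',
    '198.51.100.2 - - [10/Nov/2020:12:02:10 +0000] "GET /status HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Nov/2020:12:02:15 +0000] "POST /login.cgi HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Nov/2020:12:03:00 +0000] "POST /cgi-bin/..%255c..%255cetc%255cpasswd HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]

# Combined log format: ip ident user [ts] "METHOD URI PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# A ".." path segment bounded by slashes (or the ends of the string).
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:/|$)')


def normalize_uri(uri: str) -> str:
    """Percent-decode until stable (bounded), then fold backslashes to slashes.

    Repeated decoding catches double-encoded payloads (%252e -> %2e -> .),
    and folding backslashes catches the '..\\' variants some servers accept.
    """
    decoded = uri
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace('\\', '/')


def parse_line(line: str):
    """Return the fields the detection needs as a dict, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev['status'] = int(ev['status'])
    return ev


def find_traversal_posts(lines):
    """Flag POST requests whose normalized path contains a traversal segment."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev['method'] != 'POST':
            continue
        norm = normalize_uri(ev['uri'])
        if TRAVERSAL_RE.search(norm):
            hits.append({
                'ip': ev['ip'],
                'ts': ev['ts'],
                'uri': ev['uri'],
                'normalized': norm,
                'status': ev['status'],
                # A 2xx on a traversal POST means the server answered the
                # request rather than rejecting it: triage these first.
                'likely_success': 200 <= ev['status'] < 300,
            })
    return hits


def sources_by_count(hits):
    """Group hits by source address so repeat offenders surface first."""
    return Counter(h['ip'] for h in hits)


if __name__ == '__main__':
    found = find_traversal_posts(SAMPLE_LOGS)
    for h in found:
        flag = 'answered 2xx' if h['likely_success'] else 'rejected'
        print(f"{h['ts']} {h['ip']} POST {h['uri']} -> {h['status']} ({flag})")
    print(dict(sources_by_count(found)))
```

Run against the constructed sample, the three traversal POSTs from 203.0.113.7 are flagged (including the double-encoded backslash form), while the ordinary GET and the login POST from 198.51.100.2 are not. Feed it your real proxy logs and restrict the input to requests destined for the gateway addresses to keep the output actionable.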
