CVE-2020-5330
Description
CVE-2020-5330 is an information disclosure vulnerability in Dell EMC Networking firmware, allowing a remote unauthenticated attacker to retrieve sensitive data via a specially crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-5330 is an information disclosure vulnerability in Dell EMC Networking firmware, allowing a remote unauthenticated attacker to retrieve sensitive data via a specially crafted request.
Vulnerability
CVE-2020-5330 is an information disclosure vulnerability present in multiple Dell EMC Networking firmware versions. Affected products include Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older, and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older [1]. The vulnerability exists in the affected endpoints that process network requests, and no special configuration or user interaction is required to reach the vulnerable code path [1].
Exploitation
A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoints [1]. No authentication or prior access to the device is required, and the attack can be carried out over the network. The precise nature of the request or the endpoint involved is not detailed in the available references [1].
Impact
Successful exploitation allows the attacker to retrieve sensitive data from the affected device [1]. The CVSS v3.1 base score is 8.1 (High) with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability, though the attack complexity is high [1]. The attacker gains no privileged access but can extract potentially sensitive information.
Mitigation
Dell Technologies has released firmware updates to address this vulnerability. For VRTX Series Switches, fixed versions include R1-2210 and R1-2401. For Dell PC5500 Series (X1000 and X4012), fixed versions are available (details in reference). For X-Series, updated firmware is also provided [1]. Users should update to the latest firmware version for their respective product to remediate the vulnerability.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <=3.0.1.2
- Range: <=4.1.0.22
- Range: <=2.0.0.77
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The affected firmware versions do not properly sanitize requests, allowing for the disclosure of sensitive information."
Attack vector
A remote, unauthenticated attacker can send a specially crafted request to the affected endpoints. This request exploits a vulnerability in the firmware to retrieve sensitive data. The vulnerability affects Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older, and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older [ref_id=1].
Affected code
The vulnerability is present in the firmware of Dell EMC Networking X-Series, Dell EMC Networking PC5500, and Dell EMC PowerEdge VRTX Switch Modules. The specific code paths or functions responsible for handling requests and disclosing information are not detailed in the provided information.
What the fix does
The advisory indicates that Dell released security updates to address this vulnerability. Users are advised to update their firmware to the latest available versions to remediate the issue. The specific patch details are not provided in the bundle, but the update is expected to correct the improper handling of requests that led to information disclosure.
Preconditions
- authThe attacker does not require any authentication.
- networkThe attacker must have network access to the affected devices.
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.