CVE-2020-5543
Description
CVE-2020-5543 describes a session fixation vulnerability in Mitsubishi Electric MELQIC IU1 series firmware prior to 1.0.8 that allows remote attackers to stop network functions or execute malware via a crafted packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-5543 describes a session fixation vulnerability in Mitsubishi Electric MELQIC IU1 series firmware prior to 1.0.8 that allows remote attackers to stop network functions or execute malware via a crafted packet.
Vulnerability
CVE-2020-5543 is a session fixation vulnerability (CWE-384) in the TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D devices running firmware version 1.0.7 and earlier [1]. The vulnerability allows an attacker to improperly manage sessions, potentially leading to serious impacts [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted packet to the target device over the network [1]. No authentication or user interaction is required; the attacker only needs network access to the affected product [1].
Impact
Successful exploitation could allow a remote attacker to stop the network functions of the device or execute malware [1]. This results in a denial of service (DoS) condition or arbitrary code execution, compromising the confidentiality, integrity, and availability of the device and potentially the wider network [1].
Mitigation
Mitsubishi Electric has released firmware version 1.08 to address this vulnerability, and it is recommended to update using IU Configuration Tool version 1.04 or later [1]. As a workaround, restricting network access from untrusted networks and hosts via a firewall may mitigate the risk [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.0.7
- Range: IU1-1M20-D firmware version 1.0.7 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- jvn.jp/en/vu/JVNVU92370624/index.htmlmitrex_refsource_MISC
- www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2019-004.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.