9.8

CVE-2020-11967

EPSS 0.85%
Veröffentlicht 21.04.2020 13:15:15
Zuletzt bearbeitet 21.11.2024 04:59:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Evenroute ≫ Iqrouter Firmware Version <= 3.3.1

Evenroute ≫ Iqrouter Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	10	8.5	AV:N/AC:L/Au:N/C:P/I:P/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://evenroute.com/

Product

https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-

https://openwrt.org/docs/guide-quick-start/walkthrough_login

https://pastebin.com/grSCSBSu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11967

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11967

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11967

EUVD