7.5

CVE-2020-11968

EPSS 0.69%
Veröffentlicht 21.04.2020 13:15:15
Zuletzt bearbeitet 21.11.2024 04:59:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Evenroute ≫ Iqrouter Firmware Version <= 3.3.1

Evenroute ≫ Iqrouter Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.714

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://evenroute.com/

Product

https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-

https://openwrt.org/docs/guide-quick-start/walkthrough_login

https://pastebin.com/grSCSBSu

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11968

EUVD