9.8
CVE-2020-12106
- EPSS 1.4%
- Veröffentlicht 12.08.2020 19:15:13
- Zuletzt bearbeitet 21.11.2024 04:59:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stengg ≫ Vpncrypt M10 Firmware Version2.6.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.4% | 0.689 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://www.stengg.com/cybersecurity
https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf