CVE-2020-12125

EPSS 5.94%
Veröffentlicht 02.10.2020 09:15:13
Zuletzt bearbeitet 21.11.2024 04:59:17
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wavlink ≫ Wn530h4 Firmware Versionm30h4.v5030.190403

Wavlink ≫ Wn530h4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.94%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.wavlink.com/en_us/product/WL-WN530H4.html

Vendor Advisory

Product

https://cerne.xyz/bugs/CVE-2020-12125

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12125

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12125

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12125

EUVD