10
CVE-2020-3923
- EPSS 0.33%
- Veröffentlicht 27.02.2020 04:15:10
- Zuletzt bearbeitet 21.11.2024 05:31:57
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginDVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tonnet ≫ Tat-77104g1 Firmware Version <= tat-77104g1_20190107
Tonnet ≫ Tat-70432n Firmware Version <= tat-77208g1_20181225
Tonnet ≫ Tat-71416g1 Firmware Version <= tat-71416g1_20181225
Tonnet ≫ Tat-71832g1 Firmware Version <= tat-71832g1_20190510
Tonnet ≫ Tat-76104g3 Firmware Version <= 20181220_76104g3
Tonnet ≫ Tat-76108g3 Firmware Version <= 20181221_76208g3
Tonnet ≫ Tat-76116g3 Firmware Version <= 20181221_76216g3
Tonnet ≫ Tat-76132g3 Firmware Version <= tat-70832g3_20181221-1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.554 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| twcert@cert.org.tw | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.