8.8

CVE-2020-5589

SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SonyWf-1000x Firmware Version-
   SonyWf-1000x Version-
SonyWf-sp700n Firmware Version-
   SonyWf-sp700n Version-
SonyWh-1000xm2 Firmware Version-
   SonyWh-1000xm2 Version-
SonyWh-1000xm3 Firmware Version-
   SonyWh-1000xm3 Version-
SonyWh-ch700n Firmware Version-
   SonyWh-ch700n Version-
SonyWh-h900n Firmware Version-
   SonyWh-h900n Version-
SonyWh-xb700 Firmware Version-
   SonyWh-xb700 Version-
SonyWh-xb900n Firmware Version-
   SonyWh-xb900n Version-
SonyWi-1000x Firmware Version-
   SonyWi-1000x Version-
SonyWi-c600n Firmware Version-
   SonyWi-c600n Version-
SonyWi-sp600n Firmware Version-
   SonyWi-sp600n Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.272
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://jvn.jp/en/jp/JVN67447798/
Third Party Advisory