7.5
CVE-2020-9476
- EPSS 0.96%
- Veröffentlicht 04.03.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:40:43
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Commscope ≫ Arris Tg1692a Firmware Version9.1.103de2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.96% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://arris.secure.force.com/consumers/ConsumerProductSupport
https://medium.com/%40rsantos_14778/info-disclosure-cve-2020-9476-494a08298c6b