Details of VAR-202002-1463

ID

VAR-202002-1463

CVE

CVE-2020-8614

TITLE

Askey AP4000W Input verification vulnerabilities on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-001970

DESCRIPTION

An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. Askey AP4000W The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Askey AP4000W is an AP device from Askey Computer. There are security vulnerabilities in Askey AP4000W TDC_V1.01.003. The vulnerability originates from the process of constructing a code snippet from external input data, and a network system or product fails to properly filter special elements therein

Trust: 2.25

sources: NVD: CVE-2020-8614 // JVNDB: JVNDB-2020-001970 // CNVD: CNVD-2020-10492 // VULMON: CVE-2020-8614

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-10492

AFFECTED PRODUCTS

vendor:	askey	model:	ap4000w	scope:	eq	version:	tdc_v1.01.003	Trust: 1.0
vendor:	askey computer	model:	ap4000w	scope:	eq	version:	tdc 1.01.003	Trust: 0.8
vendor:	askey	model:	ap4000w tdc v1.01.003	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-10492 // JVNDB: JVNDB-2020-001970 // NVD: CVE-2020-8614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8614
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-001970
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-10492
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-758
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2020-8614
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-8614
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-001970
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-10492
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-8614
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-001970
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-10492 // VULMON: CVE-2020-8614 // JVNDB: JVNDB-2020-001970 // CNNVD: CNNVD-202002-758 // NVD: CVE-2020-8614

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-001970 // NVD: CVE-2020-8614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-758

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-758

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001970

PATCH

title:

Top Page

url:

https://www.askey.com.tw/

Trust: 0.8

sources: JVNDB: JVNDB-2020-001970

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8614	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-001970	Trust: 0.8
db:	CNVD	id:	CNVD-2020-10492	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-758	Trust: 0.6
db:	VULMON	id:	CVE-2020-8614	Trust: 0.1

sources: CNVD: CNVD-2020-10492 // VULMON: CVE-2020-8614 // JVNDB: JVNDB-2020-001970 // CNNVD: CNNVD-202002-758 // NVD: CVE-2020-8614

REFERENCES

url:	https://improsec.com/tech-blog/rce-askey	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8614	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8614	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/176230	Trust: 0.1

sources: CNVD: CNVD-2020-10492 // VULMON: CVE-2020-8614 // JVNDB: JVNDB-2020-001970 // CNNVD: CNNVD-202002-758 // NVD: CVE-2020-8614

SOURCES

db:	CNVD	id:	CNVD-2020-10492
db:	VULMON	id:	CVE-2020-8614
db:	JVNDB	id:	JVNDB-2020-001970
db:	CNNVD	id:	CNNVD-202002-758
db:	NVD	id:	CVE-2020-8614

LAST UPDATE DATE

2024-11-23T21:51:38.548000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-10492	date:	2020-02-19T00:00:00
db:	VULMON	id:	CVE-2020-8614	date:	2020-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-001970	date:	2020-03-02T00:00:00
db:	CNNVD	id:	CNNVD-202002-758	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-8614	date:	2024-11-21T05:39:07.590

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-10492	date:	2020-02-19T00:00:00
db:	VULMON	id:	CVE-2020-8614	date:	2020-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-001970	date:	2020-03-02T00:00:00
db:	CNNVD	id:	CNNVD-202002-758	date:	2020-02-13T00:00:00
db:	NVD	id:	CVE-2020-8614	date:	2020-02-13T16:15:13.887