Sign-up

ID

VAR-202007-0064


CVE

CVE-2020-10987


TITLE

Tenda AC15 AC1900 Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007726

DESCRIPTION

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Tenda AC15 AC1900 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tenda AC15 AC1900 is a wireless router of China Tenda (Tenda) company

Trust: 2.25

sources: NVD: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41513

AFFECTED PRODUCTS

vendor:tendamodel:ac15scope:eqversion:15.03.05.19

Trust: 1.8

vendor:tendamodel:ac15 ac1900scope:eqversion:15.03.05.19

Trust: 0.6

sources: CNVD: CNVD-2020-41513 // JVNDB: JVNDB-2020-007726 // NVD: CVE-2020-10987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10987
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007726
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-41513
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-564
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-10987
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10987
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007726
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41513
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10987
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007726
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNNVD: CNNVD-202007-564 // NVD: CVE-2020-10987

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-007726 // NVD: CVE-2020-10987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-564

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-564

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007726

PATCH
title:Top Pageurl:http://www.tenda.cz/
Trust: 0.8
title: - url:https://github.com/20142995/Goby 
Trust: 0.1
title:Threatposturl:https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
Trust: 0.1
title:Threatposturl:https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-10987 // 
            
            
            
            JVNDB: JVNDB-2020-007726

EXTERNAL IDS
db:NVDid:CVE-2020-10987
Trust: 3.1
db:JVNDBid:JVNDB-2020-007726
Trust: 0.8
db:CNVDid:CNVD-2020-41513
Trust: 0.6
db:NSFOCUSid:48170
Trust: 0.6
db:CNNVDid:CNNVD-202007-564
Trust: 0.6
db:VULMONid:CVE-2020-10987
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-41513 // 
            
            
            
            VULMON: CVE-2020-10987 // 
            
            
            
            JVNDB: JVNDB-2020-007726 // 
            
            
            
            CNNVD: CNNVD-202007-564 // 
            
            
            
            NVD: CVE-2020-10987

REFERENCES
url:https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2020-10987
Trust: 2.0
url:https://www.ise.io/research/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10987
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48170
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-41513 // 
            
            
            
            VULMON: CVE-2020-10987 // 
            
            
            
            JVNDB: JVNDB-2020-007726 // 
            
            
            
            CNNVD: CNNVD-202007-564 // 
            
            
            
            NVD: CVE-2020-10987

SOURCES
db:CNVDid:CNVD-2020-41513
db:VULMONid:CVE-2020-10987
db:JVNDBid:JVNDB-2020-007726
db:CNNVDid:CNNVD-202007-564
db:NVDid:CVE-2020-10987

LAST UPDATE DATE
2024-08-14T14:44:47.697000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-41513date:2020-07-22T00:00:00
db:VULMONid:CVE-2020-10987date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-007726date:2020-08-25T00:00:00
db:CNNVDid:CNNVD-202007-564date:2020-08-28T00:00:00
db:NVDid:CVE-2020-10987date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-41513date:2020-07-22T00:00:00
db:VULMONid:CVE-2020-10987date:2020-07-13T00:00:00
db:JVNDBid:JVNDB-2020-007726date:2020-08-25T00:00:00
db:CNNVDid:CNNVD-202007-564date:2020-07-13T00:00:00
db:NVDid:CVE-2020-10987date:2020-07-13T19:15:12.207