ID

VAR-202007-0064


CVE

CVE-2020-10987


TITLE

Injection vulnerability in Tenda AC15 AC1900

Trust: 0.8

sources: JVNDB: JVNDB-2020-007726

DESCRIPTION

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Tenda AC15 AC1900 contains an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Tenda AC15 AC1900 is a wireless router made by the Chinese company Tenda.

Trust: 2.25

sources: NVD: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41513

AFFECTED PRODUCTS

vendor: tenda | model: ac15 | scope: eq | version: 15.03.05.19

Trust: 1.8

vendor: tenda | model: ac15 ac1900 | scope: eq | version: 15.03.05.19

Trust: 0.6

sources: CNVD: CNVD-2020-41513 // JVNDB: JVNDB-2020-007726 // NVD: CVE-2020-10987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10987
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-007726
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-41513
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-564
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-10987
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10987
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007726
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41513
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-10987
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007726
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNNVD: CNNVD-202007-564 // NVD: CVE-2020-10987

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-007726 // NVD: CVE-2020-10987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-564

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007726

PATCH

title: Top Page | url: http://www.tenda.cz/

Trust: 0.8

title: - | url: https://github.com/20142995/Goby

Trust: 0.1

title: Threatpost | url: https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/

Trust: 0.1

title: Threatpost | url: https://threatpost.com/gitpaste-12-worm-linux-servers-iot-devices/161016/

Trust: 0.1

sources: VULMON: CVE-2020-10987 // JVNDB: JVNDB-2020-007726

EXTERNAL IDS

db: NVD | id: CVE-2020-10987

Trust: 3.1

db: JVNDB | id: JVNDB-2020-007726

Trust: 0.8

db: CNVD | id: CNVD-2020-41513

Trust: 0.6

db: NSFOCUS | id: 48170

Trust: 0.6

db: CNNVD | id: CNNVD-202007-564

Trust: 0.6

db: VULMON | id: CVE-2020-10987

Trust: 0.1

sources: CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNNVD: CNNVD-202007-564 // NVD: CVE-2020-10987

REFERENCES

url: https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-10987

Trust: 2.0

url: https://www.ise.io/research/

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10987

Trust: 0.8

url: http://www.nsfocus.net/vulndb/48170

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/

Trust: 0.1

sources: CNVD: CNVD-2020-41513 // VULMON: CVE-2020-10987 // JVNDB: JVNDB-2020-007726 // CNNVD: CNNVD-202007-564 // NVD: CVE-2020-10987

SOURCES

db: CNVD | id: CNVD-2020-41513
db: VULMON | id: CVE-2020-10987
db: JVNDB | id: JVNDB-2020-007726
db: CNNVD | id: CNNVD-202007-564
db: NVD | id: CVE-2020-10987

LAST UPDATE DATE

2024-08-14T14:44:47.697000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-41513 | date: 2020-07-22T00:00:00
db: VULMON | id: CVE-2020-10987 | date: 2021-07-21T00:00:00
db: JVNDB | id: JVNDB-2020-007726 | date: 2020-08-25T00:00:00
db: CNNVD | id: CNNVD-202007-564 | date: 2020-08-28T00:00:00
db: NVD | id: CVE-2020-10987 | date: 2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-41513 | date: 2020-07-22T00:00:00
db: VULMON | id: CVE-2020-10987 | date: 2020-07-13T00:00:00
db: JVNDB | id: JVNDB-2020-007726 | date: 2020-08-25T00:00:00
db: CNNVD | id: CNNVD-202007-564 | date: 2020-07-13T00:00:00
db: NVD | id: CVE-2020-10987 | date: 2020-07-13T19:15:12.207