Details of VAR-202008-0673

ID

VAR-202008-0673

CVE

CVE-2020-15499

TITLE

ASUS RT-AC1900P routers cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-49903 // CNNVD: CNNVD-202008-1269

DESCRIPTION

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. ASUS RT-AC1900P A cross-site scripting vulnerability exists in the router.Information may be obtained and tampered with. Remote attackers can use the vulnerability to inject malicious scripts or HTML code. When malicious data is viewed, they can obtain sensitive information or hijack user sessions

Trust: 2.16

sources: NVD: CVE-2020-15499 // JVNDB: JVNDB-2020-010161 // CNVD: CNVD-2020-49903

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-49903

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ac1900p	scope:	lt	version:	3.0.0.4.385.20253	Trust: 1.0
vendor:	asustek computer	model:	rt-ac1900p	scope:	eq	version:	3.0.0.4.385_20253	Trust: 0.8
vendor:	asus	model:	rt-ac1900p routers <3.0.0.4.385 20253	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-49903 // JVNDB: JVNDB-2020-010161 // NVD: CVE-2020-15499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15499
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-010161
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-49903
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-1269
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-15499
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-010161
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-49903
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15499
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010161
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-49903 // JVNDB: JVNDB-2020-010161 // CNNVD: CNNVD-202008-1269 // NVD: CVE-2020-15499

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-010161 // NVD: CVE-2020-15499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1269

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202008-1269

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010161

PATCH

title:	Top Page	url:	https://www.asus.com/	Trust: 0.8
title:	Patch for ASUS RT-AC1900P routers cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/232459	Trust: 0.6
title:	ASUS RT-AC1900P routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126913	Trust: 0.6

sources: CNVD: CNVD-2020-49903 // JVNDB: JVNDB-2020-010161 // CNNVD: CNNVD-202008-1269

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15499	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-010161	Trust: 0.8
db:	CNVD	id:	CNVD-2020-49903	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1269	Trust: 0.6

sources: CNVD: CNVD-2020-49903 // JVNDB: JVNDB-2020-010161 // CNNVD: CNNVD-202008-1269 // NVD: CVE-2020-15499

REFERENCES

url:	https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15499	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15499	Trust: 0.8

sources: CNVD: CNVD-2020-49903 // JVNDB: JVNDB-2020-010161 // CNNVD: CNNVD-202008-1269 // NVD: CVE-2020-15499

SOURCES

db:	CNVD	id:	CNVD-2020-49903
db:	JVNDB	id:	JVNDB-2020-010161
db:	CNNVD	id:	CNNVD-202008-1269
db:	NVD	id:	CVE-2020-15499

LAST UPDATE DATE

2024-11-23T23:04:17.095000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-49903	date:	2020-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-010161	date:	2020-12-24T07:30:02
db:	CNNVD	id:	CNNVD-202008-1269	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-15499	date:	2024-11-21T05:05:38.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-49903	date:	2020-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-010161	date:	2020-12-24T07:30:02
db:	CNNVD	id:	CNNVD-202008-1269	date:	2020-08-26T00:00:00
db:	NVD	id:	CVE-2020-15499	date:	2020-08-26T13:15:10.783