ID

VAR-202010-0875


CVE

CVE-2020-25157


TITLE

SQL injection vulnerabilities in Advantech R-SeeNet

Trust: 0.8

sources: JVNDB: JVNDB-2020-009105

DESCRIPTION

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. R-SeeNet, provided by Advantech, is an application for monitoring routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within device_position.php. When parsing the device_id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. The software monitors the platform based on the SNMP protocol and is suitable for Linux and Windows platforms. There are SQL injection vulnerabilities in R-SeeNet versions 1.5.1 to 2.4.10.

Trust: 2.43

sources: NVD: CVE-2020-25157 // JVNDB: JVNDB-2020-009105 // ZDI: ZDI-20-1262 // VULHUB: VHN-179107 // VULMON: CVE-2020-25157

AFFECTED PRODUCTS

vendor: advantech, model: r-seenet, scope: lte, version: 2.4.10

Trust: 1.0

vendor: advantech, model: r-seenet, scope: gte, version: 1.5.1

Trust: 1.0

vendor: advantech, model: r-seenet, scope: eq, version: versions 1.5.1 to 2.4.10

Trust: 0.8

vendor: advantech, model: r-seenet, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-20-1262 // JVNDB: JVNDB-2020-009105 // NVD: CVE-2020-25157

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25157
value: HIGH

Trust: 1.0

JPCERT/CC: JVNDB-2020-009105
value: HIGH

Trust: 0.8

ZDI: CVE-2020-25157
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202010-697
value: HIGH

Trust: 0.6

VULHUB: VHN-179107
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-25157
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25157
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-179107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-25157
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

JPCERT/CC score: JVNDB-2020-009105
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-25157
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1262 // VULHUB: VHN-179107 // VULMON: CVE-2020-25157 // JVNDB: JVNDB-2020-009105 // CNNVD: CNNVD-202010-697 // NVD: CVE-2020-25157

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

sources: VULHUB: VHN-179107 // NVD: CVE-2020-25157

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-697

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202010-697

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009105

PATCH

title: R-SeeNet Information Disclosure Vulnerability
url: https://ep.advantech-bb.cz/support/router-models/download/239/sa-2020-01-01-r-seenet-2-4-10-vulnerability-en.pdf

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability.
url: https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02

Trust: 0.7

title: Advantech R-SeeNet Versions SQL Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131315

Trust: 0.6

sources: ZDI: ZDI-20-1262 // JVNDB: JVNDB-2020-009105 // CNNVD: CNNVD-202010-697

EXTERNAL IDS

db: NVD, id: CVE-2020-25157

Trust: 3.3

db: ICS CERT, id: ICSA-20-289-02

Trust: 2.6

db: JVN, id: JVNVU93185015

Trust: 0.8

db: JVNDB, id: JVNDB-2020-009105

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-11373

Trust: 0.7

db: ZDI, id: ZDI-20-1262

Trust: 0.7

db: CNNVD, id: CNNVD-202010-697

Trust: 0.7

db: AUSCERT, id: ESB-2020.3585

Trust: 0.6

db: SEEBUG, id: SSVID-98406

Trust: 0.1

db: VULHUB, id: VHN-179107

Trust: 0.1

db: VULMON, id: CVE-2020-25157

Trust: 0.1

sources: ZDI: ZDI-20-1262 // VULHUB: VHN-179107 // VULMON: CVE-2020-25157 // JVNDB: JVNDB-2020-009105 // CNNVD: CNNVD-202010-697 // NVD: CVE-2020-25157

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02

Trust: 3.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-25157

Trust: 0.8

url: https://jvn.jp/vu/jvnvu93185015/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-25157

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.3585/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/189887

Trust: 0.1

sources: ZDI: ZDI-20-1262 // VULHUB: VHN-179107 // VULMON: CVE-2020-25157 // JVNDB: JVNDB-2020-009105 // CNNVD: CNNVD-202010-697 // NVD: CVE-2020-25157

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-20-1262

SOURCES

db: ZDI, id: ZDI-20-1262
db: VULHUB, id: VHN-179107
db: VULMON, id: CVE-2020-25157
db: JVNDB, id: JVNDB-2020-009105
db: CNNVD, id: CNNVD-202010-697
db: NVD, id: CVE-2020-25157

LAST UPDATE DATE

2024-11-23T22:25:20.851000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-1262, date: 2020-10-19T00:00:00
db: VULHUB, id: VHN-179107, date: 2020-10-22T00:00:00
db: VULMON, id: CVE-2020-25157, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2020-009105, date: 2020-10-19T00:00:00
db: CNNVD, id: CNNVD-202010-697, date: 2020-10-26T00:00:00
db: NVD, id: CVE-2020-25157, date: 2024-11-21T05:17:29.873

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-1262, date: 2020-10-19T00:00:00
db: VULHUB, id: VHN-179107, date: 2020-10-20T00:00:00
db: VULMON, id: CVE-2020-25157, date: 2020-10-20T00:00:00
db: JVNDB, id: JVNDB-2020-009105, date: 2020-10-19T00:00:00
db: CNNVD, id: CNNVD-202010-697, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-25157, date: 2020-10-20T22:15:43.060