Sign-up

ID

VAR-202102-0536


CVE

CVE-2020-36109


TITLE

ASUS RT-AX86U  Classic buffer overflow vulnerability in router firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-003165

DESCRIPTION

ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a buffer overflow in the blocking_request.cgi function of the httpd module that can cause code execution when an attacker constructs malicious data. ASUS RT-AX86U A classic buffer overflow vulnerability exists in router firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. ASUS RT-AX86U is a wireless router from China ASUS (ASUS). ASUS RT-AX86U router firmware has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2020-36109 // JVNDB: JVNDB-2021-003165 // CNVD: CNVD-2022-04717 // VULMON: CVE-2020-36109

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-04717

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax86uscope:ltversion:9.0.0.4_386

Trust: 1.0

vendor:asustek computermodel:rt-ax86uscope:eqversion:rt-ax86u firmware 9.0.0.4_386

Trust: 0.8

vendor:asustek computermodel:rt-ax86uscope:eqversion: -

Trust: 0.8

vendor:asusmodel:rt-ax86u <9.0.0.4 386scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-04717 // JVNDB: JVNDB-2021-003165 // NVD: CVE-2020-36109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-36109
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-36109
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-04717
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202102-042
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-36109
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-36109
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-04717
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-36109
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-36109
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-04717 // VULMON: CVE-2020-36109 // JVNDB: JVNDB-2021-003165 // CNNVD: CNNVD-202102-042 // NVD: CVE-2020-36109

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003165 // NVD: CVE-2020-36109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-042

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-042

PATCH

title:ASUS Product Security Advisoryurl:https://www.asus.com/content/ASUS-Product-Security-Advisory/

Trust: 0.8

title:Patch for ASUS RT-AX86U Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/314216

Trust: 0.6

title:ASUS RT-AX86U Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143269

Trust: 0.6

title:CVE-2020-36109-POCurl:https://github.com/tin-z/CVE-2020-36109-POC

Trust: 0.1

title: - url:https://github.com/sunn1day/CVE-2020-36109-POC

Trust: 0.1

title:PoCurl:https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

sources: CNVD: CNVD-2022-04717 // VULMON: CVE-2020-36109 // JVNDB: JVNDB-2021-003165 // CNNVD: CNNVD-202102-042

EXTERNAL IDS

db:NVDid:CVE-2020-36109

Trust: 3.1

db:JVNDBid:JVNDB-2021-003165

Trust: 0.8

db:CNVDid:CNVD-2022-04717

Trust: 0.6

db:CNNVDid:CNNVD-202102-042

Trust: 0.6

db:VULMONid:CVE-2020-36109

Trust: 0.1

sources: CNVD: CNVD-2022-04717 // VULMON: CVE-2020-36109 // JVNDB: JVNDB-2021-003165 // CNNVD: CNNVD-202102-042 // NVD: CVE-2020-36109

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-36109

Trust: 2.0

url:https://www.asus.com/static_webpage/asus-product-security-advisory/

Trust: 1.7

url:https://github.com/tin-z/cve-2020-36109-poc#more-details

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://github.com/tin-z/cve-2020-36109-poc

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-04717 // VULMON: CVE-2020-36109 // JVNDB: JVNDB-2021-003165 // CNNVD: CNNVD-202102-042 // NVD: CVE-2020-36109

SOURCES

db:CNVDid:CNVD-2022-04717
db:VULMONid:CVE-2020-36109
db:JVNDBid:JVNDB-2021-003165
db:CNNVDid:CNNVD-202102-042
db:NVDid:CVE-2020-36109

LAST UPDATE DATE

2024-11-23T22:05:15.487000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-04717date:2022-01-18T00:00:00
db:VULMONid:CVE-2020-36109date:2021-02-05T00:00:00
db:JVNDBid:JVNDB-2021-003165date:2021-10-19T08:47:00
db:CNNVDid:CNNVD-202102-042date:2021-03-03T00:00:00
db:NVDid:CVE-2020-36109date:2024-11-21T05:28:44.903

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-04717date:2022-01-18T00:00:00
db:VULMONid:CVE-2020-36109date:2021-02-01T00:00:00
db:JVNDBid:JVNDB-2021-003165date:2021-10-19T00:00:00
db:CNNVDid:CNNVD-202102-042date:2021-02-01T00:00:00
db:NVDid:CVE-2020-36109date:2021-02-01T14:15:12.303