Sign-up

ID

VAR-202103-0234


CVE

CVE-2020-28695


TITLE

Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7  device   Code injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-016438

DESCRIPTION

Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 device Contains a code injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Askey is the world's largest professional manufacturer of international network communication equipment, and its main products include ADSL and Cable Modem, ADSL Router, Cable Router, etc. Askey fiber router unauthorized RCE vulnerability, unauthorized remote attackers can use this vulnerability to execute arbitrary commands on the target device

Trust: 2.25

sources: NVD: CVE-2020-28695 // JVNDB: JVNDB-2020-016438 // CNVD: CNVD-2021-29857 // VULMON: CVE-2020-28695

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-29857

AFFECTED PRODUCTS

vendor:askeymodel:rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7scope:eqversion: -

Trust: 1.0

vendor:askey computermodel:rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7scope:eqversion:rtf3505vw-n1 br_sv_g000_r3505vwn1001_s32_7 firmware

Trust: 0.8

vendor:askey computermodel:rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7scope:eqversion: -

Trust: 0.8

vendor:askeymodel:fiber router rtf3505vw-n1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-29857 // JVNDB: JVNDB-2020-016438 // NVD: CVE-2020-28695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-28695
value: HIGH

Trust: 1.0

NVD: CVE-2020-28695
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-29857
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-1568
value: HIGH

Trust: 0.6

VULMON: CVE-2020-28695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-28695
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-29857
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-28695
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-28695
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-29857 // VULMON: CVE-2020-28695 // JVNDB: JVNDB-2020-016438 // CNNVD: CNNVD-202103-1568 // NVD: CVE-2020-28695

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:Code injection (CWE-94) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016438 // NVD: CVE-2020-28695

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1568

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-1568

PATCH

title:Top Pageurl:https://www.askey.com.tw/

Trust: 0.8

title:Patch for Askey fiber router unauthorized RCE vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/260026

Trust: 0.6

title:Fiber and SSH Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145798

Trust: 0.6

sources: CNVD: CNVD-2021-29857 // JVNDB: JVNDB-2020-016438 // CNNVD: CNNVD-202103-1568

EXTERNAL IDS

db:NVDid:CVE-2020-28695

Trust: 3.1

db:JVNDBid:JVNDB-2020-016438

Trust: 0.8

db:CNVDid:CNVD-2021-29857

Trust: 0.6

db:CNNVDid:CNNVD-202103-1568

Trust: 0.6

db:VULMONid:CVE-2020-28695

Trust: 0.1

sources: CNVD: CNVD-2021-29857 // VULMON: CVE-2020-28695 // JVNDB: JVNDB-2020-016438 // CNNVD: CNNVD-202103-1568 // NVD: CVE-2020-28695

REFERENCES

url:https://cr1pt0.medium.com/cve-2020-28695-8f8d618ac0b

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28695

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-29857 // VULMON: CVE-2020-28695 // JVNDB: JVNDB-2020-016438 // CNNVD: CNNVD-202103-1568 // NVD: CVE-2020-28695

SOURCES

db:CNVDid:CNVD-2021-29857
db:VULMONid:CVE-2020-28695
db:JVNDBid:JVNDB-2020-016438
db:CNNVDid:CNNVD-202103-1568
db:NVDid:CVE-2020-28695

LAST UPDATE DATE

2024-11-23T22:54:53.901000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-29857date:2021-04-22T00:00:00
db:VULMONid:CVE-2020-28695date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2020-016438date:2021-12-03T09:03:00
db:CNNVDid:CNNVD-202103-1568date:2022-07-14T00:00:00
db:NVDid:CVE-2020-28695date:2024-11-21T05:23:08.043

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-29857date:2021-04-21T00:00:00
db:VULMONid:CVE-2020-28695date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2020-016438date:2021-12-03T00:00:00
db:CNNVDid:CNNVD-202103-1568date:2021-03-26T00:00:00
db:NVDid:CVE-2020-28695date:2021-03-26T18:15:12.030