Details of VAR-201908-2197

ID

VAR-201908-2197

TITLE

Youfang Technology 4G Module Performance King N720 Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2019-22884

DESCRIPTION

Shenzhen Youfang Technology Co., Ltd. is a company specializing in M2M IoT wireless communication products and services. It provides industrial module products and related services in various communication systems such as GPRS, CDMA 1X, WCDMA, EVDO, and LTE. Youfang Technology 4G Module Performance King N720 has a command execution vulnerability. An attacker could use the vulnerability to connect remotely to obtain root shell.

Trust: 0.6

sources: CNVD: CNVD-2019-22884

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-22884

AFFECTED PRODUCTS

vendor:

youfang

model:

4g module performance king n720

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2019-22884

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-22884
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2019-22884
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-22884

PATCH

title:

Command execution vulnerability in Youfang Technology 4G module N720 module

url:

https://www.cnvd.org.cn/patchinfo/show/168875

Trust: 0.6

sources: CNVD: CNVD-2019-22884

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-22884

Trust: 0.6

sources: CNVD: CNVD-2019-22884

SOURCES

db:

CNVD

id:

CNVD-2019-22884

LAST UPDATE DATE

2022-05-04T09:22:16.520000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-22884

date:

2019-07-23T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-22884

date:

2019-08-26T00:00:00