Details of VAR-201908-2204

ID

VAR-201908-2204

TITLE

USR-LTE-7S4 V2 has multiple remote command execution vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2019-23509

DESCRIPTION

Jinan Youren Internet Technology Co., Ltd. is a technology company that makes serial networking modules. There are multiple remote command execution vulnerabilities in the 4G module USR-LTE-7S4 V2 in Jinan Youren Internet Technology Co., Ltd. Allows an attacker to execute commands remotely.

Trust: 0.6

sources: CNVD: CNVD-2019-23509

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-23509

AFFECTED PRODUCTS

vendor:

jinan youren internet

model:

usr-lte-7s4

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2019-23509

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2019-23509
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2019-23509
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2019-23509

PATCH

title:

4g module (USR-LTE-7S4 V2) has multiple remote command execution vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/168761

Trust: 0.6

sources: CNVD: CNVD-2019-23509

EXTERNAL IDS

db:

CNVD

id:

CNVD-2019-23509

Trust: 0.6

sources: CNVD: CNVD-2019-23509

SOURCES

db:

CNVD

id:

CNVD-2019-23509

LAST UPDATE DATE

2022-05-04T09:42:51.050000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2019-23509

date:

2019-07-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2019-23509

date:

2019-08-25T00:00:00