ID

VAR-202001-0313


CVE

CVE-2019-20348


TITLE

OS command injection vulnerability in OKER G232V1 devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-001327

DESCRIPTION

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks. OKER G232V1 devices contain an OS command injection vulnerability. Information may be obtained, information may be altered, and a denial of service (DoS) may result. OKER G232V1 is a network camera. An access control error vulnerability exists in OKER G232V1 v1.03.02.20161129. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles.

Trust: 2.16

sources: NVD: CVE-2019-20348 // JVNDB: JVNDB-2020-001327 // CNVD: CNVD-2020-03016

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03016

AFFECTED PRODUCTS

vendor: okerthai, model: g232v1, scope: eq, version: 1.03.02.20161129

Trust: 1.6

vendor: crown computer, model: g232v1, scope: eq, version: 1.03.02.20161129

Trust: 0.8

vendor: oker, model: g232v1, scope: eq, version: 1.03.02.20161129

Trust: 0.6

vendor: okerthai, model: g232v1, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-03016 // JVNDB: JVNDB-2020-001327 // CNNVD: CNNVD-202001-134 // NVD: CVE-2019-20348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20348
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-20348
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-03016
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-134
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-20348
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03016
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-20348
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-20348
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03016 // JVNDB: JVNDB-2020-001327 // CNNVD: CNNVD-202001-134 // NVD: CVE-2019-20348

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-001327 // NVD: CVE-2019-20348

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202001-134

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001327

PATCH

title: Top Page, url: http://www.okerthai.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-001327

EXTERNAL IDS

db: NVD, id: CVE-2019-20348

Trust: 3.0

db: JVNDB, id: JVNDB-2020-001327

Trust: 0.8

db: CNVD, id: CNVD-2020-03016

Trust: 0.6

db: CNNVD, id: CNNVD-202001-134

Trust: 0.6

sources: CNVD: CNVD-2020-03016 // JVNDB: JVNDB-2020-001327 // CNNVD: CNNVD-202001-134 // NVD: CVE-2019-20348

REFERENCES

url:https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20348

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20348

Trust: 0.8

sources: CNVD: CNVD-2020-03016 // JVNDB: JVNDB-2020-001327 // CNNVD: CNNVD-202001-134 // NVD: CVE-2019-20348

SOURCES

db: CNVD, id: CNVD-2020-03016
db: JVNDB, id: JVNDB-2020-001327
db: CNNVD, id: CNNVD-202001-134
db: NVD, id: CVE-2019-20348

LAST UPDATE DATE

2024-11-23T22:33:37.468000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-03016, date: 2020-01-21T00:00:00
db: JVNDB, id: JVNDB-2020-001327, date: 2020-01-31T00:00:00
db: CNNVD, id: CNNVD-202001-134, date: 2020-01-21T00:00:00
db: NVD, id: CVE-2019-20348, date: 2024-11-21T04:38:17.693

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-03016, date: 2020-01-21T00:00:00
db: JVNDB, id: JVNDB-2020-001327, date: 2020-01-31T00:00:00
db: CNNVD, id: CNNVD-202001-134, date: 2020-01-06T00:00:00
db: NVD, id: CVE-2019-20348, date: 2020-01-06T21:15:11.643