Details of VAR-202001-1651

ID

VAR-202001-1651

CVE

CVE-2020-8087

TITLE

SMC Networks D3G0804W Vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-001588

DESCRIPTION

SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. SMC Networks D3G0804W The device contains an unspecified vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SMC Networks D3G0804W is a SMC network device. The SMC Networks D3G0804W network diagnostic tool has a security vulnerability. Remote attackers can use this vulnerability to submit special requests and execute arbitrary commands

Trust: 2.16

sources: NVD: CVE-2020-8087 // JVNDB: JVNDB-2020-001588 // CNVD: CNVD-2020-04817

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-04817

AFFECTED PRODUCTS

vendor:	smc	model:	d3g0804w	scope:	eq	version:	d3gnv5m-3.5.1.6.10_ga	Trust: 1.0
vendor:	smc	model:	d3g0804w	scope:	eq	version:	-	Trust: 0.8
vendor:	smc	model:	d3g0804w	scope:	eq	version:	d3g0804w firmware d3gnv5m-3.5.1.6.10_ga	Trust: 0.8
vendor:	smc	model:	networks d3g0804w	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-04817 // JVNDB: JVNDB-2020-001588 // NVD: CVE-2020-8087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8087
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2020-8087
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-04817
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202001-1193
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-8087
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-04817
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-8087
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-8087
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-04817 // JVNDB: JVNDB-2020-001588 // CNNVD: CNNVD-202001-1193 // NVD: CVE-2020-8087

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-001588 // NVD: CVE-2020-8087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1193

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-1193

PATCH

title:	Top Page	url:	http://na.smc.com/	Trust: 0.8
title:	Patch for SMC Networks Arbitrary Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/200185	Trust: 0.6

sources: CNVD: CNVD-2020-04817 // JVNDB: JVNDB-2020-001588

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8087	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-001588	Trust: 0.8
db:	CNVD	id:	CNVD-2020-04817	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-1193	Trust: 0.6

sources: CNVD: CNVD-2020-04817 // JVNDB: JVNDB-2020-001588 // CNNVD: CNNVD-202001-1193 // NVD: CVE-2020-8087

REFERENCES

url:	https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8087	Trust: 1.4

sources: CNVD: CNVD-2020-04817 // JVNDB: JVNDB-2020-001588 // CNNVD: CNNVD-202001-1193 // NVD: CVE-2020-8087

SOURCES

db:	CNVD	id:	CNVD-2020-04817
db:	JVNDB	id:	JVNDB-2020-001588
db:	CNNVD	id:	CNNVD-202001-1193
db:	NVD	id:	CVE-2020-8087

LAST UPDATE DATE

2024-11-23T22:16:39.490000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-04817	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-001588	date:	2020-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202001-1193	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-8087	date:	2024-11-21T05:38:16.487

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-04817	date:	2020-02-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-001588	date:	2020-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202001-1193	date:	2020-01-27T00:00:00
db:	NVD	id:	CVE-2020-8087	date:	2020-01-27T20:15:11.073