ID

VAR-202001-1773


CVE

CVE-2020-7227


TITLE

Westermo MRD-315 Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: 42925348-d1f4-47e2-ba90-c070a46bc108 // CNVD: CNVD-2020-04006 // CNNVD: CNNVD-202001-874

DESCRIPTION

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp. The Westermo MRD-315 device contains an information disclosure vulnerability; information may be obtained. Westermo MRD-315 is a 3G wireless router from Westermo, Sweden. The vulnerability stems from configuration errors in the network system or product during operation. An attacker could use the vulnerability to obtain sensitive information about the affected components.

Trust: 2.34

sources: NVD: CVE-2020-7227 // JVNDB: JVNDB-2020-001462 // CNVD: CNVD-2020-04006 // IVD: 42925348-d1f4-47e2-ba90-c070a46bc108

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 42925348-d1f4-47e2-ba90-c070a46bc108 // CNVD: CNVD-2020-04006

AFFECTED PRODUCTS

vendor: westermo, model: mrd-315, scope: eq, version: 1.7.3

Trust: 1.6

vendor: westermo, model: mrd-315, scope: eq, version: 1.7.4

Trust: 1.6

vendor: westermo, model: mrd-315, scope: eq, version: -

Trust: 0.8

vendor: westermo, model: mrd-315, scope: eq, version: mrd-315 firmware 1.7.3

Trust: 0.8

vendor: westermo, model: mrd-315, scope: eq, version: mrd-315 firmware 1.7.4

Trust: 0.8

vendor: mrd 315, model: -, scope: eq, version: 1.7.3

Trust: 0.2

vendor: mrd 315, model: -, scope: eq, version: 1.7.4

Trust: 0.2

sources: IVD: 42925348-d1f4-47e2-ba90-c070a46bc108 // CNVD: CNVD-2020-04006 // JVNDB: JVNDB-2020-001462 // NVD: CVE-2020-7227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7227
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-7227
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-04006
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-874
value: MEDIUM

Trust: 0.6

IVD: 42925348-d1f4-47e2-ba90-c070a46bc108
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2020-7227
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04006
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 42925348-d1f4-47e2-ba90-c070a46bc108
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-7227
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-7227
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 42925348-d1f4-47e2-ba90-c070a46bc108 // CNVD: CNVD-2020-04006 // JVNDB: JVNDB-2020-001462 // CNNVD: CNNVD-202001-874 // NVD: CVE-2020-7227

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-001462 // NVD: CVE-2020-7227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-874

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-874

PATCH

title: Top Page, url: https://www.westermo.us/

Trust: 0.8

sources: JVNDB: JVNDB-2020-001462

EXTERNAL IDS

db: NVD, id: CVE-2020-7227

Trust: 3.2

db: CNVD, id: CNVD-2020-04006

Trust: 0.8

db: CNNVD, id: CNNVD-202001-874

Trust: 0.8

db: JVNDB, id: JVNDB-2020-001462

Trust: 0.8

db: IVD, id: 42925348-D1F4-47E2-BA90-C070A46BC108

Trust: 0.2

sources: IVD: 42925348-d1f4-47e2-ba90-c070a46bc108 // CNVD: CNVD-2020-04006 // JVNDB: JVNDB-2020-001462 // CNNVD: CNNVD-202001-874 // NVD: CVE-2020-7227

REFERENCES

url: https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-7227

Trust: 2.0

sources: CNVD: CNVD-2020-04006 // JVNDB: JVNDB-2020-001462 // CNNVD: CNNVD-202001-874 // NVD: CVE-2020-7227

SOURCES

db: IVD, id: 42925348-d1f4-47e2-ba90-c070a46bc108
db: CNVD, id: CNVD-2020-04006
db: JVNDB, id: JVNDB-2020-001462
db: CNNVD, id: CNNVD-202001-874
db: NVD, id: CVE-2020-7227

LAST UPDATE DATE

2024-11-23T22:37:33.572000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-04006, date: 2020-02-06T00:00:00
db: JVNDB, id: JVNDB-2020-001462, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-874, date: 2021-07-26T00:00:00
db: NVD, id: CVE-2020-7227, date: 2024-11-21T05:36:52.353

SOURCES RELEASE DATE

db: IVD, id: 42925348-d1f4-47e2-ba90-c070a46bc108, date: 2020-01-18T00:00:00
db: CNVD, id: CNVD-2020-04006, date: 2020-02-06T00:00:00
db: JVNDB, id: JVNDB-2020-001462, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-874, date: 2020-01-18T00:00:00
db: NVD, id: CVE-2020-7227, date: 2020-01-18T19:15:11.167