Details of VAR-202001-1776

ID

VAR-202001-1776

CVE

CVE-2020-7231

TITLE

Evoko Home Vulnerabilities in information disclosure through error messages

Trust: 0.8

sources: JVNDB: JVNDB-2020-001463

DESCRIPTION

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid. Evoko Home Contains an information disclosure vulnerability through error messages.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-7231 // JVNDB: JVNDB-2020-001463

AFFECTED PRODUCTS

vendor:	evoko	model:	home	scope:	eq	version:	1.31	Trust: 1.0
vendor:	evoko unlimited ab	model:	home	scope:	eq	version:	-	Trust: 0.8
vendor:	evoko unlimited ab	model:	home	scope:	lt	version:	1.31	Trust: 0.8

sources: JVNDB: JVNDB-2020-001463 // NVD: CVE-2020-7231

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-7231
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-7231
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202001-877
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-7231
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-7231
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2020-7231
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-001463 // CNNVD: CNNVD-202001-877 // NVD: CVE-2020-7231

PROBLEMTYPE DATA

problemtype:	CWE-209	Trust: 1.0
problemtype:	Information leak due to error message (CWE-209) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-001463 // NVD: CVE-2020-7231

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-877

PATCH

title:

Top Page

url:

https://www.evoko.se/

Trust: 0.8

sources: JVNDB: JVNDB-2020-001463

EXTERNAL IDS

db:	NVD	id:	CVE-2020-7231	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-001463	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-877	Trust: 0.6

sources: JVNDB: JVNDB-2020-001463 // CNNVD: CNNVD-202001-877 // NVD: CVE-2020-7231

REFERENCES

url:	https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7231	Trust: 1.4

sources: JVNDB: JVNDB-2020-001463 // CNNVD: CNNVD-202001-877 // NVD: CVE-2020-7231

SOURCES

db:	JVNDB	id:	JVNDB-2020-001463
db:	CNNVD	id:	CNNVD-202001-877
db:	NVD	id:	CVE-2020-7231

LAST UPDATE DATE

2024-11-23T22:48:09.199000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-001463	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-877	date:	2021-01-04T00:00:00
db:	NVD	id:	CVE-2020-7231	date:	2024-11-21T05:36:52.810

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-001463	date:	2020-02-10T00:00:00
db:	CNNVD	id:	CNNVD-202001-877	date:	2020-01-19T00:00:00
db:	NVD	id:	CVE-2020-7231	date:	2020-01-19T20:15:11.887