Sign-up

ID

VAR-202001-1781


CVE

CVE-2020-7236


TITLE

UHP UHP-100 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-03933 // CNNVD: CNNVD-202001-882

DESCRIPTION

UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section). UHP UHP-100 The device contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. UHP-100 is a high-performance router designed for large-scale deployment in broadband VSAT networks. UHP UHP-100 Cross-site scripting vulnerabilities exist in versions 3.4.1.15, 3.4.2.4, and 3.4.3. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2020-7236 // JVNDB: JVNDB-2020-001414 // CNVD: CNVD-2020-03933

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03933

AFFECTED PRODUCTS

vendor:uhpmodel:uhp-100scope:eqversion:3.4.1.15

Trust: 1.8

vendor:uhpmodel:uhp-100scope:eqversion:3.4.2.4

Trust: 1.8

vendor:uhpmodel:uhp-100scope:eqversion:3.4.3

Trust: 1.8

vendor:uhpmodel:networks uhp-100scope:eqversion:3.4.1.15

Trust: 0.6

vendor:uhpmodel:networks uhp-100scope:eqversion:3.4.2.4

Trust: 0.6

vendor:uhpmodel:networks uhp-100scope:eqversion:3.4.3

Trust: 0.6

sources: CNVD: CNVD-2020-03933 // JVNDB: JVNDB-2020-001414 // NVD: CVE-2020-7236

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-7236
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-7236
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-03933
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-882
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-7236
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-03933
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-7236
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-7236
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03933 // JVNDB: JVNDB-2020-001414 // CNNVD: CNNVD-202001-882 // NVD: CVE-2020-7236

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-001414 // NVD: CVE-2020-7236

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-882

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202001-882

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001414

PATCH
title:UHP-100url:http://www.uhp.net/products/routers/uhp-100/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-001414

EXTERNAL IDS
db:NVDid:CVE-2020-7236
Trust: 3.0
db:JVNDBid:JVNDB-2020-001414
Trust: 0.8
db:CNVDid:CNVD-2020-03933
Trust: 0.6
db:CNNVDid:CNNVD-202001-882
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-03933 // 
            
            
            
            JVNDB: JVNDB-2020-001414 // 
            
            
            
            CNNVD: CNNVD-202001-882 // 
            
            
            
            NVD: CVE-2020-7236

REFERENCES
url:https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-7236
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-7236
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-03933 // 
            
            
            
            JVNDB: JVNDB-2020-001414 // 
            
            
            
            CNNVD: CNNVD-202001-882 // 
            
            
            
            NVD: CVE-2020-7236

SOURCES
db:CNVDid:CNVD-2020-03933
db:JVNDBid:JVNDB-2020-001414
db:CNNVDid:CNNVD-202001-882
db:NVDid:CVE-2020-7236

LAST UPDATE DATE
2024-11-23T22:21:20.887000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03933date:2020-02-06T00:00:00
db:JVNDBid:JVNDB-2020-001414date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-882date:2021-01-05T00:00:00
db:NVDid:CVE-2020-7236date:2024-11-21T05:36:53.493

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03933date:2020-02-06T00:00:00
db:JVNDBid:JVNDB-2020-001414date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-882date:2020-01-19T00:00:00
db:NVDid:CVE-2020-7236date:2020-01-19T21:15:11.100