Sign-up

ID

VAR-202002-1231


CVE

CVE-2020-6760


TITLE

Schmid ZI 620 V400 VPN In the router OS Command injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-001742

DESCRIPTION

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping. Schmid ZI 620 V400 VPN The router has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Schmid ZI 620 V400 VPN 090 Router is a router device. The vulnerability stems from the process of externally inputting data to construct the executable command of the operating system, and the network system or product did not properly filter the special characters and commands in it. The vulnerability executes illegal operating system commands

Trust: 2.16

sources: NVD: CVE-2020-6760 // JVNDB: JVNDB-2020-001742 // CNVD: CNVD-2020-09610

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-09610

AFFECTED PRODUCTS

vendor:schmid telecommodel:zi 620 v400scope:eqversion:090

Trust: 1.0

vendor:schmid telecom zurichmodel:zi 620 v400scope:eqversion:090

Trust: 0.8

vendor:schmidmodel:zi vpn routerscope:eqversion:620v400090

Trust: 0.6

sources: CNVD: CNVD-2020-09610 // JVNDB: JVNDB-2020-001742 // NVD: CVE-2020-6760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6760
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-001742
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-09610
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-190
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-6760
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-001742
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-09610
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-6760
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001742
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-09610 // JVNDB: JVNDB-2020-001742 // CNNVD: CNNVD-202002-190 // NVD: CVE-2020-6760

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-001742 // NVD: CVE-2020-6760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-190

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-190

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001742

PATCH
title:Top Pageurl:http://www.schmid-zurich.ch/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-001742

EXTERNAL IDS
db:NVDid:CVE-2020-6760
Trust: 3.0
db:JVNDBid:JVNDB-2020-001742
Trust: 0.8
db:CNVDid:CNVD-2020-09610
Trust: 0.6
db:CNNVDid:CNNVD-202002-190
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-09610 // 
            
            
            
            JVNDB: JVNDB-2020-001742 // 
            
            
            
            CNNVD: CNNVD-202002-190 // 
            
            
            
            NVD: CVE-2020-6760

REFERENCES
url:https://github.com/0xedh/someshit/blob/master/cve-2020-6760.md
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2020-6760
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6760
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-09610 // 
            
            
            
            JVNDB: JVNDB-2020-001742 // 
            
            
            
            CNNVD: CNNVD-202002-190 // 
            
            
            
            NVD: CVE-2020-6760

SOURCES
db:CNVDid:CNVD-2020-09610
db:JVNDBid:JVNDB-2020-001742
db:CNNVDid:CNNVD-202002-190
db:NVDid:CVE-2020-6760

LAST UPDATE DATE
2024-11-23T22:21:16.198000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-09610date:2020-02-15T00:00:00
db:JVNDBid:JVNDB-2020-001742date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-190date:2023-05-18T00:00:00
db:NVDid:CVE-2020-6760date:2024-11-21T05:36:09.207

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-09610date:2020-02-13T00:00:00
db:JVNDBid:JVNDB-2020-001742date:2020-02-25T00:00:00
db:CNNVDid:CNNVD-202002-190date:2020-02-06T00:00:00
db:NVDid:CVE-2020-6760date:2020-02-06T21:15:11.580