ID

VAR-202002-1338


CVE

CVE-2020-9021


TITLE

OS command injection vulnerability in Post Oak AWAM Bluetooth Field Device

Trust: 0.8

sources: JVNDB: JVNDB-2020-002108

DESCRIPTION

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injection of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. The device may be put into a denial-of-service (DoS) state. An attacker could use this vulnerability to gain root access to the device.

Trust: 2.16

sources: NVD: CVE-2020-9021 // JVNDB: JVNDB-2020-002108 // CNVD: CNVD-2020-15562

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

category: ['network device'] | sub_category: bluetooth device

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-15562

AFFECTED PRODUCTS

vendor: postoaktraffic | model: awam bluetooth field device | scope: eq | version: 2011.3

Trust: 1.0

vendor: postoaktraffic | model: awam bluetooth field device | scope: eq | version: 7400v2.08.21.2018

Trust: 1.0

vendor: postoaktraffic | model: awam bluetooth field device | scope: eq | version: 7800sd.2012.12.5

Trust: 1.0

vendor: postoaktraffic | model: awam bluetooth field device | scope: eq | version: 7400v2.02.01.2019

Trust: 1.0

vendor: postoaktraffic | model: awam bluetooth field device | scope: eq | version: 7800sd.2015.1.16

Trust: 1.0

vendor: post oak traffic | model: awam bluetooth field device | scope: eq | version: 2011.3

Trust: 0.8

vendor: post oak traffic | model: awam bluetooth field device | scope: eq | version: 7400v2.02.01.2019

Trust: 0.8

vendor: post oak traffic | model: awam bluetooth field device | scope: eq | version: 7400v2.08.21.2018

Trust: 0.8

vendor: post oak traffic | model: awam bluetooth field device | scope: eq | version: 7800sd.2012.12.5

Trust: 0.8

vendor: post oak traffic | model: awam bluetooth field device | scope: eq | version: 7800sd.2015.1.16

Trust: 0.8

vendor: post | model: oaktraffic systems awam bluetooth field device | scope: eq | version: 7400v2.08.21.2018

Trust: 0.6

vendor: post | model: oaktraffic systems awam bluetooth field device 7800sd.2015.1.16 | scope: - | version: -

Trust: 0.6

vendor: post | model: oaktraffic systems awam bluetooth field device | scope: eq | version: 2011.3

Trust: 0.6

vendor: post | model: oaktraffic systems awam bluetooth field device | scope: eq | version: 7400v2.02.01.2019

Trust: 0.6

vendor: post | model: oaktraffic systems awam bluetooth field device 7800sd.2012.12.5 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2020-15562 // JVNDB: JVNDB-2020-002108 // NVD: CVE-2020-9021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9021
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-002108
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-15562
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-888
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-9021
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002108
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15562
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9021
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002108
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15562 // JVNDB: JVNDB-2020-002108 // CNNVD: CNNVD-202002-888 // NVD: CVE-2020-9021

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-002108 // NVD: CVE-2020-9021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-888

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202002-888

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002108

PATCH

title: Top Page | url: http://www.postoaktraffic.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002108

EXTERNAL IDS

db: NVD | id: CVE-2020-9021

Trust: 3.1

db: JVNDB | id: JVNDB-2020-002108

Trust: 0.8

db: SEEBUG | id: SSVID-98138

Trust: 0.6

db: SEEBUG | id: SSVID-98139

Trust: 0.6

db: CNVD | id: CNVD-2020-15562

Trust: 0.6

db: CNNVD | id: CNNVD-202002-888

Trust: 0.6

db: OTHER | id: NONE

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-15562 // JVNDB: JVNDB-2020-002108 // CNNVD: CNNVD-202002-888 // NVD: CVE-2020-9021

REFERENCES

url:https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html

Trust: 2.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9021

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9021

Trust: 0.8

url:http://www.postoaktraffic.com/

Trust: 0.6

url:https://www.seebug.org/vuldb/ssvid-98138

Trust: 0.6

url:https://www.seebug.org/vuldb/ssvid-98139

Trust: 0.6

url:https://www.zoomeye.org/searchresult?q=%22%2fcgi-bin%2fawamconfig.py

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-udaya-testing-on-production-12345/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-15562 // JVNDB: JVNDB-2020-002108 // CNNVD: CNNVD-202002-888 // NVD: CVE-2020-9021

SOURCES

db: OTHER | id: -
db: CNVD | id: CNVD-2020-15562
db: JVNDB | id: JVNDB-2020-002108
db: CNNVD | id: CNNVD-202002-888
db: NVD | id: CVE-2020-9021

LAST UPDATE DATE

2025-01-30T19:56:12.976000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-15562 | date: 2020-03-05T00:00:00
db: JVNDB | id: JVNDB-2020-002108 | date: 2020-03-04T00:00:00
db: CNNVD | id: CNNVD-202002-888 | date: 2020-07-27T00:00:00
db: NVD | id: CVE-2020-9021 | date: 2024-11-21T05:39:50.727

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-15562 | date: 2020-03-05T00:00:00
db: JVNDB | id: JVNDB-2020-002108 | date: 2020-03-04T00:00:00
db: CNNVD | id: CNNVD-202002-888 | date: 2020-02-17T00:00:00
db: NVD | id: CVE-2020-9021 | date: 2020-02-17T04:15:10.780