Details of VAR-202002-1339

ID

VAR-202002-1339

CVE

CVE-2020-9022

TITLE

plural Xirrus Cross-site scripting vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-002043

DESCRIPTION

An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. plural Xirrus A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. Cambium Networks Xirrus XR520 is a wireless access point device of Cambium Networks in the United States. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Trust: 2.16

sources: NVD: CVE-2020-9022 // JVNDB: JVNDB-2020-002043 // CNVD: CNVD-2020-29565

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-29565

AFFECTED PRODUCTS

vendor:	cambiumnetworks	model:	xr520	scope:	eq	version:	-	Trust: 2.2
vendor:	cambiumnetworks	model:	xr620	scope:	eq	version:	-	Trust: 2.2
vendor:	cambiumnetworks	model:	xh2-120	scope:	eq	version:	-	Trust: 2.2
vendor:	cambiumnetworks	model:	xr2436	scope:	eq	version:	-	Trust: 2.2
vendor:	cambium	model:	xh2-120	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	xr2436	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	xr520	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	xr620	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	networks xh2-120	scope:	-	version:	-	Trust: 0.6
vendor:	cambium	model:	networks xr2436	scope:	-	version:	-	Trust: 0.6
vendor:	cambium	model:	networks xr620	scope:	-	version:	-	Trust: 0.6
vendor:	cambium	model:	networks xr520	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-29565 // JVNDB: JVNDB-2020-002043 // CNNVD: CNNVD-202002-887 // NVD: CVE-2020-9022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9022
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002043
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-29565
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-887
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9022
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002043
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-29565
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9022
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002043
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-29565 // JVNDB: JVNDB-2020-002043 // CNNVD: CNNVD-202002-887 // NVD: CVE-2020-9022

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-002043 // NVD: CVE-2020-9022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-887

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-887

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002043

PATCH

title:

Top Page

url:

https://www.cambiumnetworks.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002043

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9022	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-002043	Trust: 0.8
db:	CNVD	id:	CNVD-2020-29565	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-887	Trust: 0.6

sources: CNVD: CNVD-2020-29565 // JVNDB: JVNDB-2020-002043 // CNNVD: CNNVD-202002-887 // NVD: CVE-2020-9022

REFERENCES

url:	https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html	Trust: 3.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9022	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9022	Trust: 0.8

sources: CNVD: CNVD-2020-29565 // JVNDB: JVNDB-2020-002043 // CNNVD: CNNVD-202002-887 // NVD: CVE-2020-9022

SOURCES

db:	CNVD	id:	CNVD-2020-29565
db:	JVNDB	id:	JVNDB-2020-002043
db:	CNNVD	id:	CNNVD-202002-887
db:	NVD	id:	CVE-2020-9022

LAST UPDATE DATE

2024-11-23T22:33:35.245000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-29565	date:	2020-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-002043	date:	2020-03-03T00:00:00
db:	CNNVD	id:	CNNVD-202002-887	date:	2020-02-20T00:00:00
db:	NVD	id:	CVE-2020-9022	date:	2024-11-21T05:39:50.850

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-29565	date:	2020-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-002043	date:	2020-03-03T00:00:00
db:	CNNVD	id:	CNNVD-202002-887	date:	2020-02-17T00:00:00
db:	NVD	id:	CVE-2020-9022	date:	2020-02-17T04:15:10.843