Details of VAR-202002-1391

ID

VAR-202002-1391

CVE

CVE-2020-8824

TITLE

Hitron Technologies CODA-4582U Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-13045 // CNNVD: CNNVD-202002-958

DESCRIPTION

Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. Hitron CODA-4582U A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. Hitron Technologies CODA-4582U is a modem from Hitron Technologies of Taiwan, China. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code

Trust: 2.25

sources: NVD: CVE-2020-8824 // JVNDB: JVNDB-2020-002255 // CNVD: CNVD-2020-13045 // VULMON: CVE-2020-8824

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-13045

AFFECTED PRODUCTS

vendor:	hitrontech	model:	coda-4582u	scope:	eq	version:	7.1.1.30	Trust: 1.6
vendor:	hitron	model:	coda-4582u	scope:	eq	version:	7.1.1.30	Trust: 1.4
vendor:	hitrontech	model:	coda-4582u	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-13045 // JVNDB: JVNDB-2020-002255 // CNNVD: CNNVD-202002-958 // NVD: CVE-2020-8824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8824
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-002255
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-13045
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202002-958
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-8824
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8824
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-002255
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-13045
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-8824
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002255
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-13045 // VULMON: CVE-2020-8824 // JVNDB: JVNDB-2020-002255 // CNNVD: CNNVD-202002-958 // NVD: CVE-2020-8824

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-002255 // NVD: CVE-2020-8824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-958

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-958

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002255

PATCH

title:

Top Page

url:

https://www.hitrontech.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-002255

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8824	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-002255	Trust: 0.8
db:	CNVD	id:	CNVD-2020-13045	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-958	Trust: 0.6
db:	VULMON	id:	CVE-2020-8824	Trust: 0.1

sources: CNVD: CNVD-2020-13045 // VULMON: CVE-2020-8824 // JVNDB: JVNDB-2020-002255 // CNNVD: CNNVD-202002-958 // NVD: CVE-2020-8824

REFERENCES

url:	https://gist.github.com/9thplayer/df042fe48c314dbc1afad80ffed8387d	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8824	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8824	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/176523	Trust: 0.1

sources: CNVD: CNVD-2020-13045 // VULMON: CVE-2020-8824 // JVNDB: JVNDB-2020-002255 // CNNVD: CNNVD-202002-958 // NVD: CVE-2020-8824

SOURCES

db:	CNVD	id:	CNVD-2020-13045
db:	VULMON	id:	CVE-2020-8824
db:	JVNDB	id:	JVNDB-2020-002255
db:	CNNVD	id:	CNNVD-202002-958
db:	NVD	id:	CVE-2020-8824

LAST UPDATE DATE

2024-11-23T22:37:31.861000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-13045	date:	2020-02-24T00:00:00
db:	VULMON	id:	CVE-2020-8824	date:	2020-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-002255	date:	2020-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202002-958	date:	2020-02-28T00:00:00
db:	NVD	id:	CVE-2020-8824	date:	2024-11-21T05:39:30.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-13045	date:	2020-02-24T00:00:00
db:	VULMON	id:	CVE-2020-8824	date:	2020-02-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-002255	date:	2020-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202002-958	date:	2020-02-19T00:00:00
db:	NVD	id:	CVE-2020-8824	date:	2020-02-19T17:15:11.793