Sign-up

ID

VAR-202004-0090


CVE

CVE-2020-10514


TITLE

iCatch DVR Input verification vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-004383

DESCRIPTION

iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. iCatch DVR There is an input verification vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. iCATCH DVR is a digital video recorder (DVR) from China Desirable International (iCATCH). Attackers can use this vulnerability to execute arbitrary commands

Trust: 2.25

sources: NVD: CVE-2020-10514 // JVNDB: JVNDB-2020-004383 // CNVD: CNVD-2020-35732 // VULHUB: VHN-163000

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-35732

AFFECTED PRODUCTS

vendor:icatchincmodel:dvrscope:ltversion:20200103

Trust: 1.0

vendor:icatchmodel:dvrscope:eqversion:2020/01/03

Trust: 0.8

vendor:icatchmodel:dvrscope:ltversion:20200103

Trust: 0.6

sources: CNVD: CNVD-2020-35732 // JVNDB: JVNDB-2020-004383 // NVD: CVE-2020-10514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10514
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2020-10514
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004383
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-35732
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1191
value: HIGH

Trust: 0.6

VULHUB: VHN-163000
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-10514
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004383
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-35732
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-163000
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10514
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004383
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-35732 // VULHUB: VHN-163000 // JVNDB: JVNDB-2020-004383 // CNNVD: CNNVD-202004-1191 // NVD: CVE-2020-10514 // NVD: CVE-2020-10514

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-163000 // JVNDB: JVNDB-2020-004383 // NVD: CVE-2020-10514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1191

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-1191

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004383

PATCH
title:Top Pageurl:http://www.icatchinc.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004383

EXTERNAL IDS
db:NVDid:CVE-2020-10514
Trust: 3.1
db:JVNDBid:JVNDB-2020-004383
Trust: 0.8
db:CNNVDid:CNNVD-202004-1191
Trust: 0.7
db:CNVDid:CNVD-2020-35732
Trust: 0.6
db:VULHUBid:VHN-163000
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-35732 // 
            
            
            
            VULHUB: VHN-163000 // 
            
            
            
            JVNDB: JVNDB-2020-004383 // 
            
            
            
            CNNVD: CNNVD-202004-1191 // 
            
            
            
            NVD: CVE-2020-10514

REFERENCES
url:https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d
Trust: 2.5
url:https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-10514
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10514
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-35732 // 
            
            
            
            VULHUB: VHN-163000 // 
            
            
            
            JVNDB: JVNDB-2020-004383 // 
            
            
            
            CNNVD: CNNVD-202004-1191 // 
            
            
            
            NVD: CVE-2020-10514

SOURCES
db:CNVDid:CNVD-2020-35732
db:VULHUBid:VHN-163000
db:JVNDBid:JVNDB-2020-004383
db:CNNVDid:CNNVD-202004-1191
db:NVDid:CVE-2020-10514

LAST UPDATE DATE
2024-11-23T23:04:26.645000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-35732date:2020-07-01T00:00:00
db:VULHUBid:VHN-163000date:2022-05-03T00:00:00
db:JVNDBid:JVNDB-2020-004383date:2020-05-14T00:00:00
db:CNNVDid:CNNVD-202004-1191date:2022-05-05T00:00:00
db:NVDid:CVE-2020-10514date:2024-11-21T04:55:30.830

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-35732date:2020-07-01T00:00:00
db:VULHUBid:VHN-163000date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004383date:2020-05-14T00:00:00
db:CNNVDid:CNNVD-202004-1191date:2020-04-15T00:00:00
db:NVDid:CVE-2020-10514date:2020-04-15T07:15:13.003