ID

VAR-202004-0230


CVE

CVE-2020-11714


TITLE

eten Technologies PSG-6528VM cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-22974 // CNNVD: CNNVD-202004-614

DESCRIPTION

eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. A cross-site scripting vulnerability exists in the eten PSG-6528VM device. Information may be obtained and tampered with. eten Technologies PSG-6528VM is a Gigabit PoE switch from Eten Technologies, Taiwan. The vulnerability stems from the lack of proper verification of client data by the web application. Attackers can use this vulnerability to execute client-side code.

Trust: 2.16

sources: NVD: CVE-2020-11714 // JVNDB: JVNDB-2020-003942 // CNVD: CNVD-2020-22974

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22974

AFFECTED PRODUCTS

vendor: eten, model: psg-6528vm, scope: eq, version: 1.1

Trust: 1.4

vendor: etentech, model: psg-6528vm, scope: eq, version: 1.1

Trust: 1.0

sources: CNVD: CNVD-2020-22974 // JVNDB: JVNDB-2020-003942 // NVD: CVE-2020-11714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11714
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003942
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-22974
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-614
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-11714
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003942
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-22974
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11714
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003942
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22974 // JVNDB: JVNDB-2020-003942 // CNNVD: CNNVD-202004-614 // NVD: CVE-2020-11714

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-003942 // NVD: CVE-2020-11714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-614

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202004-614

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003942

PATCH

title: Top Page, url: http://www.etentech.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-003942

EXTERNAL IDS

db: NVD, id: CVE-2020-11714

Trust: 3.0

db: JVNDB, id: JVNDB-2020-003942

Trust: 0.8

db: CNVD, id: CNVD-2020-22974

Trust: 0.6

db: CNNVD, id: CNNVD-202004-614

Trust: 0.6

sources: CNVD: CNVD-2020-22974 // JVNDB: JVNDB-2020-003942 // CNNVD: CNNVD-202004-614 // NVD: CVE-2020-11714

REFERENCES

url: https://github.com/leona4040/psg-6528vm-xss/blob/master/readme.md

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-11714

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11714

Trust: 0.8

sources: JVNDB: JVNDB-2020-003942 // CNNVD: CNNVD-202004-614 // NVD: CVE-2020-11714

SOURCES

db: CNVD, id: CNVD-2020-22974
db: JVNDB, id: JVNDB-2020-003942
db: CNNVD, id: CNNVD-202004-614
db: NVD, id: CVE-2020-11714

LAST UPDATE DATE

2024-11-23T23:01:25.510000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-22974, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-003942, date: 2020-04-30T00:00:00
db: CNNVD, id: CNNVD-202004-614, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-11714, date: 2024-11-21T04:58:27.900

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-22974, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-003942, date: 2020-04-30T00:00:00
db: CNNVD, id: CNNVD-202004-614, date: 2020-04-12T00:00:00
db: NVD, id: CVE-2020-11714, date: 2020-04-12T18:15:10.273