Sign-up

ID

VAR-202004-0539


CVE

CVE-2020-11966


TITLE

IQrouter Vulnerability in requesting weak passwords in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004614

DESCRIPTION

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter There is a vulnerability in requesting a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Evenroute IQrouter is an intelligent router of American Evenroute. Evenroute IQrouter 3.3.1 and previous versions have a security vulnerability in the ‘reset_password’ function in the web panel

Trust: 2.16

sources: NVD: CVE-2020-11966 // JVNDB: JVNDB-2020-004614 // CNVD: CNVD-2020-25368

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25368

AFFECTED PRODUCTS

vendor:evenroutemodel:iqrouterscope:lteversion:3.3.1

Trust: 1.0

vendor:evenroutemodel:iqrouterscope:eqversion:3.3.1

Trust: 0.8

vendor:evenroutemodel:iqrouterscope:lteversion:<=3.3.1

Trust: 0.6

sources: CNVD: CNVD-2020-25368 // JVNDB: JVNDB-2020-004614 // NVD: CVE-2020-11966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11966
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004614
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-25368
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1803
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-11966
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004614
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25368
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11966
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004614
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25368 // JVNDB: JVNDB-2020-004614 // CNNVD: CNNVD-202004-1803 // NVD: CVE-2020-11966

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.8

sources: JVNDB: JVNDB-2020-004614 // NVD: CVE-2020-11966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1803

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1803

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004614

PATCH
title:Top Pageurl:https://evenroute.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004614

EXTERNAL IDS
db:NVDid:CVE-2020-11966
Trust: 3.0
db:JVNDBid:JVNDB-2020-004614
Trust: 0.8
db:CNVDid:CNVD-2020-25368
Trust: 0.6
db:CXSECURITYid:WLB-2020040125
Trust: 0.6
db:CNNVDid:CNNVD-202004-1803
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-25368 // 
            
            
            
            JVNDB: JVNDB-2020-004614 // 
            
            
            
            CNNVD: CNNVD-202004-1803 // 
            
            
            
            NVD: CVE-2020-11966

REFERENCES
url:https://pastebin.com/grscsbsu
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-11966
Trust: 2.0
url:https://evenroute.zendesk.com/hc/en-us/articles/216107838-how-do-i-configure-an-iqrouter-
Trust: 1.6
url:https://evenroute.com/
Trust: 1.6
url:https://openwrt.org/docs/guide-quick-start/walkthrough_login
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11966
Trust: 0.8
url:https://cxsecurity.com/issue/wlb-2020040125
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-25368 // 
            
            
            
            JVNDB: JVNDB-2020-004614 // 
            
            
            
            CNNVD: CNNVD-202004-1803 // 
            
            
            
            NVD: CVE-2020-11966

CREDITS
drakylar
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202004-1803

SOURCES
db:CNVDid:CNVD-2020-25368
db:JVNDBid:JVNDB-2020-004614
db:CNNVDid:CNNVD-202004-1803
db:NVDid:CVE-2020-11966

LAST UPDATE DATE
2024-11-23T22:05:44.483000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-25368date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004614date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1803date:2020-12-01T00:00:00
db:NVDid:CVE-2020-11966date:2024-11-21T04:59:00.370

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-25368date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004614date:2020-05-22T00:00:00
db:CNNVDid:CNNVD-202004-1803date:2020-04-21T00:00:00
db:NVDid:CVE-2020-11966date:2020-04-21T13:15:14.990