ID

VAR-202004-0540


CVE

CVE-2020-11967


TITLE

Vulnerability related to authority management in IQrouter

Trust: 0.8

sources: JVNDB: JVNDB-2020-004615

DESCRIPTION

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Evenroute IQrouter is an intelligent router from the American company Evenroute.

Trust: 2.16

sources: NVD: CVE-2020-11967 // JVNDB: JVNDB-2020-004615 // CNVD: CNVD-2020-25369

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25369

AFFECTED PRODUCTS

vendor: evenroute, model: iqrouter, scope: lte, version: 3.3.1

Trust: 1.0

vendor: evenroute, model: iqrouter, scope: eq, version: 3.3.1

Trust: 0.8

vendor: evenroute, model: iqrouter, scope: lte, version: <=3.3.1

Trust: 0.6

sources: CNVD: CNVD-2020-25369 // JVNDB: JVNDB-2020-004615 // NVD: CVE-2020-11967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11967
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004615
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-25369
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1785
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-11967
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004615
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25369
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11967
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004615
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25369 // JVNDB: JVNDB-2020-004615 // CNNVD: CNNVD-202004-1785 // NVD: CVE-2020-11967

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2020-004615 // NVD: CVE-2020-11967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1785

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1785

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004615

PATCH

title: Top Page, url: https://evenroute.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-004615

EXTERNAL IDS

db: NVD, id: CVE-2020-11967

Trust: 3.0

db: JVNDB, id: JVNDB-2020-004615

Trust: 0.8

db: CNVD, id: CNVD-2020-25369

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1785

Trust: 0.6

sources: CNVD: CNVD-2020-25369 // JVNDB: JVNDB-2020-004615 // CNNVD: CNNVD-202004-1785 // NVD: CVE-2020-11967

REFERENCES

url:https://pastebin.com/grscsbsu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-11967

Trust: 2.0

url:https://evenroute.zendesk.com/hc/en-us/articles/216107838-how-do-i-configure-an-iqrouter-

Trust: 1.6

url:https://evenroute.com/

Trust: 1.6

url:https://openwrt.org/docs/guide-quick-start/walkthrough_login

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11967

Trust: 0.8

sources: CNVD: CNVD-2020-25369 // JVNDB: JVNDB-2020-004615 // CNNVD: CNNVD-202004-1785 // NVD: CVE-2020-11967

SOURCES

db: CNVD, id: CNVD-2020-25369
db: JVNDB, id: JVNDB-2020-004615
db: CNNVD, id: CNNVD-202004-1785
db: NVD, id: CVE-2020-11967

LAST UPDATE DATE

2024-11-23T21:35:59.195000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-25369, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004615, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1785, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2020-11967, date: 2024-11-21T04:59:00.543

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-25369, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004615, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1785, date: 2020-04-21T00:00:00
db: NVD, id: CVE-2020-11967, date: 2020-04-21T13:15:15.067