ID

VAR-202004-0541


CVE

CVE-2020-11968


TITLE

Evenroute IQrouter log information disclosure vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-25370 // CNNVD: CNNVD-202004-1787

DESCRIPTION

In the web panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: the vendor claims that this vulnerability can only occur on a brand-new network, and that the forced initial configuration (which has a required step for setting a secure password on the system) makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”. IQrouter contains a vulnerability related to information leakage from log files. Information may be obtained. Evenroute IQrouter is an intelligent router from the American company Evenroute. Evenroute IQrouter 3.3.1 and earlier versions have a security hole in the web panel.

Trust: 2.16

sources: NVD: CVE-2020-11968 // JVNDB: JVNDB-2020-004616 // CNVD: CNVD-2020-25370

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-25370

AFFECTED PRODUCTS

vendor: evenroute, model: iqrouter, scope: lte, version: 3.3.1

Trust: 1.0

vendor: evenroute, model: iqrouter, scope: eq, version: 3.3.1

Trust: 0.8

vendor: evenroute, model: iqrouter, scope: lte, version: <=3.3.1

Trust: 0.6

sources: CNVD: CNVD-2020-25370 // JVNDB: JVNDB-2020-004616 // NVD: CVE-2020-11968

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11968
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004616
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-25370
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1787
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-11968
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004616
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-25370
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-11968
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004616
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-25370 // JVNDB: JVNDB-2020-004616 // CNNVD: CNNVD-202004-1787 // NVD: CVE-2020-11968

PROBLEMTYPE DATA

problemtype: CWE-532

Trust: 1.8

sources: JVNDB: JVNDB-2020-004616 // NVD: CVE-2020-11968

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1787

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202004-1787

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004616

PATCH

title: Top Page, url: https://evenroute.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-004616

EXTERNAL IDS

db: NVD, id: CVE-2020-11968

Trust: 3.0

db: JVNDB, id: JVNDB-2020-004616

Trust: 0.8

db: CNVD, id: CNVD-2020-25370

Trust: 0.6

db: CXSECURITY, id: WLB-2020040125

Trust: 0.6

db: CNNVD, id: CNNVD-202004-1787

Trust: 0.6

sources: CNVD: CNVD-2020-25370 // JVNDB: JVNDB-2020-004616 // CNNVD: CNNVD-202004-1787 // NVD: CVE-2020-11968

REFERENCES

url:https://pastebin.com/grscsbsu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-11968

Trust: 2.0

url:https://evenroute.zendesk.com/hc/en-us/articles/216107838-how-do-i-configure-an-iqrouter-

Trust: 1.6

url:https://evenroute.com/

Trust: 1.6

url:https://openwrt.org/docs/guide-quick-start/walkthrough_login

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11968

Trust: 0.8

url:https://cxsecurity.com/issue/wlb-2020040125

Trust: 0.6

sources: CNVD: CNVD-2020-25370 // JVNDB: JVNDB-2020-004616 // CNNVD: CNNVD-202004-1787 // NVD: CVE-2020-11968

CREDITS

drakylar

Trust: 0.6

sources: CNNVD: CNNVD-202004-1787

SOURCES

db: CNVD, id: CNVD-2020-25370
db: JVNDB, id: JVNDB-2020-004616
db: CNNVD, id: CNNVD-202004-1787
db: NVD, id: CVE-2020-11968

LAST UPDATE DATE

2024-11-23T22:05:44.458000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-25370, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004616, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1787, date: 2020-12-01T00:00:00
db: NVD, id: CVE-2020-11968, date: 2024-11-21T04:59:00.683

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-25370, date: 2020-04-21T00:00:00
db: JVNDB, id: JVNDB-2020-004616, date: 2020-05-22T00:00:00
db: CNNVD, id: CNNVD-202004-1787, date: 2020-04-21T00:00:00
db: NVD, id: CVE-2020-11968, date: 2020-04-21T13:15:15.130