Sign-up

ID

VAR-202004-2096


CVE

CVE-2020-8797


TITLE

Juplink Intelligent Technologies RX4-1500 injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-33335 // CNNVD: CNNVD-202004-2003

DESCRIPTION

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. Juplink RX4-1500 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Juplink Intelligent Technologies RX4-1500 is a wireless router of Juplink Intelligent Technologies. There is a security vulnerability in Juplink Intelligent Technologies RX4-1500 v1.0.3 version, which was caused by the program's failure to clean it up before performing user input

Trust: 2.16

sources: NVD: CVE-2020-8797 // JVNDB: JVNDB-2020-004671 // CNVD: CNVD-2020-33335

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33335

AFFECTED PRODUCTS

vendor:juplinkmodel:rx4-1500scope:eqversion:1.0.3

Trust: 1.8

vendor:juplink intelligentmodel:rx4-1500scope:eqversion:v1.0.3

Trust: 0.6

sources: CNVD: CNVD-2020-33335 // JVNDB: JVNDB-2020-004671 // NVD: CVE-2020-8797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8797
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004671
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-33335
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-2003
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-8797
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004671
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33335
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8797
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004671
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33335 // JVNDB: JVNDB-2020-004671 // CNNVD: CNNVD-202004-2003 // NVD: CVE-2020-8797

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-74

Trust: 0.8

sources: JVNDB: JVNDB-2020-004671 // NVD: CVE-2020-8797

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2003

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-2003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004671

PATCH
title:WIFI 6 Router RX4-1500url:https://juplink.com/products/juplink-wifi-6-router-ax1500-dual-band-ax-wifi-router
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-004671

EXTERNAL IDS
db:NVDid:CVE-2020-8797
Trust: 3.0
db:JVNDBid:JVNDB-2020-004671
Trust: 0.8
db:CNVDid:CNVD-2020-33335
Trust: 0.6
db:CNNVDid:CNNVD-202004-2003
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-33335 // 
            
            
            
            JVNDB: JVNDB-2020-004671 // 
            
            
            
            CNNVD: CNNVD-202004-2003 // 
            
            
            
            NVD: CVE-2020-8797

REFERENCES
url:https://cerne.xyz/bugs/cve-2020-8797.html
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-8797
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8797
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-33335 // 
            
            
            
            JVNDB: JVNDB-2020-004671 // 
            
            
            
            CNNVD: CNNVD-202004-2003 // 
            
            
            
            NVD: CVE-2020-8797

SOURCES
db:CNVDid:CNVD-2020-33335
db:JVNDBid:JVNDB-2020-004671
db:CNNVDid:CNNVD-202004-2003
db:NVDid:CVE-2020-8797

LAST UPDATE DATE
2024-11-23T23:11:26.380000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-33335date:2020-06-16T00:00:00
db:JVNDBid:JVNDB-2020-004671date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-2003date:2020-05-06T00:00:00
db:NVDid:CVE-2020-8797date:2024-11-21T05:39:27.510

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-33335date:2020-06-16T00:00:00
db:JVNDBid:JVNDB-2020-004671date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-2003date:2020-04-23T00:00:00
db:NVDid:CVE-2020-8797date:2020-04-23T18:15:11.903