Details of VAR-202004-2235

ID

VAR-202004-2235

TITLE

Denial of Service Vulnerability in NA-VIEW V2.0 (Special for 15-inch Touch Screen) of Nanda Auto Technology Jiangsu Co., Ltd. (CNVD-2020-21838)

Trust: 0.6

sources: CNVD: CNVD-2020-21838

DESCRIPTION

NA-VIEW is a touch screen configuration software. NA-VIEW V2.0 (only for 15-inch touch screen) of Nanda Auto Technology Jiangsu Co., Ltd. has a denial of service vulnerability. An attacker can use the vulnerability to construct a malformed BMP image that can cause the program to crash.

Trust: 0.6

sources: CNVD: CNVD-2020-21838

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-21838

AFFECTED PRODUCTS

vendor:

nanda auto jiangsu

model:

na-view touch screen configuration software

scope:

version:

v2.0

Trust: 0.6

sources: CNVD: CNVD-2020-21838

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-21838
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-21838
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-21838

PATCH

title:

Nanda Auto Extension NA-VIEW touch screen configuration software V2.0 (for 15-inch touch screen only) has a denial of service vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/207921

Trust: 0.6

sources: CNVD: CNVD-2020-21838

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-21838

Trust: 0.6

sources: CNVD: CNVD-2020-21838

SOURCES

db:

CNVD

id:

CNVD-2020-21838

LAST UPDATE DATE

2022-05-04T09:38:10.928000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-21838

date:

2020-04-13T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-21838

date:

2020-04-19T00:00:00