Details of VAR-202006-0568

ID

VAR-202006-0568

CVE

CVE-2020-14054

TITLE

Sokkia GNR5 SQL injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-25696 // CNNVD: CNNVD-202006-1024

DESCRIPTION

SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. SOKKIA GNR5 Vanguard To SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Sokkia GNR5 is a GNSS (Satellite Navigation System) reference receiver of Japan's Sokkia Company

Trust: 2.16

sources: NVD: CVE-2020-14054 // JVNDB: JVNDB-2020-006889 // CNVD: CNVD-2021-25696

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-25696

AFFECTED PRODUCTS

vendor:	sokkia	model:	gnr5 vanguard	scope:	eq	version:	1.2	Trust: 2.4
vendor:	sokkia	model:	gnr5 vanguard	scope:	eq	version:	212	Trust: 0.6

sources: CNVD: CNVD-2021-25696 // JVNDB: JVNDB-2020-006889 // NVD: CVE-2020-14054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14054
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006889
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-25696
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1024
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-14054
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006889
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-25696
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14054
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006889
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-25696 // JVNDB: JVNDB-2020-006889 // CNNVD: CNNVD-202006-1024 // NVD: CVE-2020-14054

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2020-006889 // NVD: CVE-2020-14054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1024

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1024

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006889

PATCH

title:

Top Page

url:

https://us.sokkia.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-006889

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14054	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006889	Trust: 0.8
db:	CNVD	id:	CNVD-2021-25696	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1024	Trust: 0.6

sources: CNVD: CNVD-2021-25696 // JVNDB: JVNDB-2020-006889 // CNNVD: CNNVD-202006-1024 // NVD: CVE-2020-14054

REFERENCES

url:	http://www.hemayate.com/?page_id=3683	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14054	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14054	Trust: 0.8

sources: CNVD: CNVD-2021-25696 // JVNDB: JVNDB-2020-006889 // CNNVD: CNNVD-202006-1024 // NVD: CVE-2020-14054

SOURCES

db:	CNVD	id:	CNVD-2021-25696
db:	JVNDB	id:	JVNDB-2020-006889
db:	CNNVD	id:	CNNVD-202006-1024
db:	NVD	id:	CVE-2020-14054

LAST UPDATE DATE

2024-11-23T22:44:34.006000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-25696	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-006889	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1024	date:	2020-06-30T00:00:00
db:	NVD	id:	CVE-2020-14054	date:	2024-11-21T05:02:26.560

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-25696	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2020-006889	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1024	date:	2020-06-15T00:00:00
db:	NVD	id:	CVE-2020-14054	date:	2020-06-15T16:15:22.863