Details of VAR-202006-0920

ID

VAR-202006-0920

CVE

CVE-2020-14461

TITLE

ZyXEL Armor X1 WAP6806 Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-36768 // CNNVD: CNNVD-202006-1530

DESCRIPTION

Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. ZyXEL Armor X1 WAP6806 is a wireless network card product of ZyXEL Corporation of Taiwan, China. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. An attacker could use the vulnerability to access a location outside the restricted directory

Trust: 2.25

sources: NVD: CVE-2020-14461 // JVNDB: JVNDB-2020-006954 // CNVD: CNVD-2020-36768 // VULMON: CVE-2020-14461

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-36768

AFFECTED PRODUCTS

vendor:	zyxel	model:	wap6806	scope:	eq	version:	1.00\(abal.6\)c0	Trust: 1.0
vendor:	zyxel	model:	wap6806	scope:	eq	version:	1.00(abal.6)c0	Trust: 0.8
vendor:	zyxel	model:	armor wap6806 1.00 c0	scope:	eq	version:	x1	Trust: 0.6

sources: CNVD: CNVD-2020-36768 // JVNDB: JVNDB-2020-006954 // NVD: CVE-2020-14461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14461
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006954
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-36768
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-1530
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-14461
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-14461
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-006954
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-36768
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14461
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006954
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-36768 // VULMON: CVE-2020-14461 // JVNDB: JVNDB-2020-006954 // CNNVD: CNNVD-202006-1530 // NVD: CVE-2020-14461

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2020-006954 // NVD: CVE-2020-14461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1530

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-1530

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006954

PATCH

title:	Top Page	url:	https://www.zyxel.com/homepage.shtml	Trust: 0.8
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2020-14461	Trust: 0.1

sources: VULMON: CVE-2020-14461 // JVNDB: JVNDB-2020-006954

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14461	Trust: 3.1
db:	PACKETSTORM	id:	158428	Trust: 2.5
db:	CXSECURITY	id:	WLB-2020060088	Trust: 2.3
db:	JVNDB	id:	JVNDB-2020-006954	Trust: 0.8
db:	CNVD	id:	CNVD-2020-36768	Trust: 0.6
db:	EXPLOIT-DB	id:	48669	Trust: 0.6
db:	NSFOCUS	id:	46970	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1530	Trust: 0.6
db:	VULMON	id:	CVE-2020-14461	Trust: 0.1

sources: CNVD: CNVD-2020-36768 // VULMON: CVE-2020-14461 // JVNDB: JVNDB-2020-006954 // CNNVD: CNNVD-202006-1530 // NVD: CVE-2020-14461

REFERENCES

url:	http://packetstormsecurity.com/files/158428/zyxel-armor-x1-wap6806-directory-traversal.html	Trust: 2.5
url:	https://cxsecurity.com/issue/wlb-2020060088	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14461	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14461	Trust: 0.8
url:	https://www.exploit-db.com/exploits/48669	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46970	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-14461	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-36768 // VULMON: CVE-2020-14461 // JVNDB: JVNDB-2020-006954 // CNNVD: CNNVD-202006-1530 // NVD: CVE-2020-14461

CREDITS

Rajivarnan R

Trust: 0.6

sources: CNNVD: CNNVD-202006-1530

SOURCES

db:	CNVD	id:	CNVD-2020-36768
db:	VULMON	id:	CVE-2020-14461
db:	JVNDB	id:	JVNDB-2020-006954
db:	CNNVD	id:	CNNVD-202006-1530
db:	NVD	id:	CVE-2020-14461

LAST UPDATE DATE

2024-11-23T22:11:27.981000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-36768	date:	2021-02-23T00:00:00
db:	VULMON	id:	CVE-2020-14461	date:	2023-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-006954	date:	2020-07-27T00:00:00
db:	CNNVD	id:	CNNVD-202006-1530	date:	2020-07-16T00:00:00
db:	NVD	id:	CVE-2020-14461	date:	2024-11-21T05:03:20.190

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-36768	date:	2020-07-07T00:00:00
db:	VULMON	id:	CVE-2020-14461	date:	2020-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-006954	date:	2020-07-27T00:00:00
db:	CNNVD	id:	CNNVD-202006-1530	date:	2020-06-22T00:00:00
db:	NVD	id:	CVE-2020-14461	date:	2020-06-22T13:15:12.427