ID

VAR-202007-1328


CVE

CVE-2020-5769


TITLE

Teltonika TRB245 cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-44608 // CNNVD: CNNVD-202007-1295

DESCRIPTION

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. A cross-site scripting vulnerability exists in Teltonika firmware. Information may be obtained and tampered with. Teltonika TRB245 is a cellular network gateway product of Teltonika, Lithuania. The vulnerability stems from the lack of correct verification of client data in the web application. An attacker can use this vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2020-5769 // JVNDB: JVNDB-2020-008293 // CNVD: CNVD-2020-44608

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-44608

AFFECTED PRODUCTS

vendor: teltonika, model: gateway trb245, scope: eq, version: trb2_r_00.02.02

Trust: 1.8

vendor: teltonika, model: trb245 trb2 r 00.02.02, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-44608 // JVNDB: JVNDB-2020-008293 // NVD: CVE-2020-5769

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5769
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008293
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-44608
value: LOW

Trust: 0.6

CNNVD: CNNVD-202007-1295
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-5769
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008293
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-44608
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-5769
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008293
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-44608 // JVNDB: JVNDB-2020-008293 // CNNVD: CNNVD-202007-1295 // NVD: CVE-2020-5769

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-008293 // NVD: CVE-2020-5769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1295

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202007-1295

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008293

PATCH

title: Top Page, url: https://teltonika-iot-group.com/

Trust: 0.8

title: Patch for Teltonika TRB245 cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/229675

Trust: 0.6

title: Teltonika TRB245 Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124282

Trust: 0.6

sources: CNVD: CNVD-2020-44608 // JVNDB: JVNDB-2020-008293 // CNNVD: CNNVD-202007-1295

EXTERNAL IDS

db: TENABLE, id: TRA-2020-43

Trust: 3.0

db: NVD, id: CVE-2020-5769

Trust: 3.0

db: JVNDB, id: JVNDB-2020-008293

Trust: 0.8

db: CNVD, id: CNVD-2020-44608

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1295

Trust: 0.6

sources: CNVD: CNVD-2020-44608 // JVNDB: JVNDB-2020-008293 // CNNVD: CNNVD-202007-1295 // NVD: CVE-2020-5769

REFERENCES

url: https://www.tenable.com/security/research/tra-2020-43-0

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2020-5769

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5769

Trust: 0.8

sources: CNVD: CNVD-2020-44608 // JVNDB: JVNDB-2020-008293 // CNNVD: CNNVD-202007-1295 // NVD: CVE-2020-5769

SOURCES

db: CNVD, id: CNVD-2020-44608
db: JVNDB, id: JVNDB-2020-008293
db: CNNVD, id: CNNVD-202007-1295
db: NVD, id: CVE-2020-5769

LAST UPDATE DATE

2024-11-23T22:05:33.209000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-44608, date: 2020-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-008293, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1295, date: 2020-07-23T00:00:00
db: NVD, id: CVE-2020-5769, date: 2024-11-21T05:34:34.187

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-44608, date: 2020-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-008293, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1295, date: 2020-07-17T00:00:00
db: NVD, id: CVE-2020-5769, date: 2020-07-17T22:15:11.480