Details of VAR-202007-1509

ID

VAR-202007-1509

TITLE

ZLAN serial server has unauthorized access vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-33957

DESCRIPTION

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise providing industrial IoT solutions. The ZLAN serial server has an unauthorized access vulnerability. Attackers can use the vulnerability to log in to the WEB management interface without authorization.

Trust: 0.6

sources: CNVD: CNVD-2020-33957

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-33957

AFFECTED PRODUCTS

vendor:	zlan information	model:	serial server zlan5102	scope:	-	version:	-	Trust: 0.6
vendor:	zlan information	model:	serial server zlan5103	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-33957

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-33957
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-33957
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-33957

PATCH

title:

Unauthorized access vulnerability exists in HTTP protocol of ZLAN5102/5103 serial server

url:

https://www.cnvd.org.cn/patchinfo/show/220939

Trust: 0.6

sources: CNVD: CNVD-2020-33957

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-33957

Trust: 0.6

sources: CNVD: CNVD-2020-33957

SOURCES

db:

CNVD

id:

CNVD-2020-33957

LAST UPDATE DATE

2022-05-04T09:38:06.687000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-33957

date:

2020-06-23T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-33957

date:

2020-07-25T00:00:00