Sign-up

ID

VAR-202008-0611


CVE

CVE-2020-15058


TITLE

Lindy 42633 4-Port USB 2.0 Gigabit Network Server Inadequate protection of credentials on devices Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-009033

DESCRIPTION

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. (DoS) It may be put into a state. Lindy 42633 2.078.000 has a privilege escalation vulnerability. Attackers on the same network can use this vulnerability to elevate permissions

Trust: 2.25

sources: NVD: CVE-2020-15058 // JVNDB: JVNDB-2020-009033 // CNVD: CNVD-2020-50163 // VULMON: CVE-2020-15058

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-50163

AFFECTED PRODUCTS

vendor:lindymodel:42633scope:eqversion:2.078.000

Trust: 1.8

vendor:lindymodel:lindyscope:eqversion:426332.078.000

Trust: 0.6

sources: CNVD: CNVD-2020-50163 // JVNDB: JVNDB-2020-009033 // NVD: CVE-2020-15058

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15058
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009033
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-50163
value: LOW

Trust: 0.6

CNNVD: CNNVD-202008-295
value: HIGH

Trust: 0.6

VULMON: CVE-2020-15058
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-15058
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009033
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-50163
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15058
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009033
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-50163 // VULMON: CVE-2020-15058 // JVNDB: JVNDB-2020-009033 // CNNVD: CNNVD-202008-295 // NVD: CVE-2020-15058

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.8

problemtype:CWE-319

Trust: 1.0

sources: JVNDB: JVNDB-2020-009033 // NVD: CVE-2020-15058

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-295

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-295

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009033

PATCH
title:4 Port USB 2.0 Gigabit Network Serverurl:https://www.lindy-international.com/4-Port-USB-2-0-Gigabit-Network-Server.htm?websale8=ld0101.ld020102&pi=42633
Trust: 0.8
title:Patch for Lindy 42633 Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/232876
Trust: 0.6
title:Lindy 42633 4-Port USB 2.0 Gigabit Network Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125596
Trust: 0.6
title:CVE-Flowurl:https://github.com/404notf0und/CVE-Flow 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-50163 // 
            
            
            
            VULMON: CVE-2020-15058 // 
            
            
            
            JVNDB: JVNDB-2020-009033 // 
            
            
            
            CNNVD: CNNVD-202008-295

EXTERNAL IDS
db:NVDid:CVE-2020-15058
Trust: 3.1
db:JVNDBid:JVNDB-2020-009033
Trust: 0.8
db:CNVDid:CNVD-2020-50163
Trust: 0.6
db:CNNVDid:CNNVD-202008-295
Trust: 0.6
db:VULMONid:CVE-2020-15058
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-50163 // 
            
            
            
            VULMON: CVE-2020-15058 // 
            
            
            
            JVNDB: JVNDB-2020-009033 // 
            
            
            
            CNNVD: CNNVD-202008-295 // 
            
            
            
            NVD: CVE-2020-15058

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-15058
Trust: 2.0
url:https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15058
Trust: 0.8
url:https://research.hisolutions.com/2020/07/high-impact-vulnerabilites-in-multiple-usb-network-servers/
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/319.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/522.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/404notf0und/cve-flow
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-50163 // 
            
            
            
            VULMON: CVE-2020-15058 // 
            
            
            
            JVNDB: JVNDB-2020-009033 // 
            
            
            
            CNNVD: CNNVD-202008-295 // 
            
            
            
            NVD: CVE-2020-15058

SOURCES
db:CNVDid:CNVD-2020-50163
db:VULMONid:CVE-2020-15058
db:JVNDBid:JVNDB-2020-009033
db:CNNVDid:CNNVD-202008-295
db:NVDid:CVE-2020-15058

LAST UPDATE DATE
2024-11-23T22:21:03.946000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-50163date:2020-09-03T00:00:00
db:VULMONid:CVE-2020-15058date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-009033date:2020-10-15T00:00:00
db:CNNVDid:CNNVD-202008-295date:2020-08-10T00:00:00
db:NVDid:CVE-2020-15058date:2024-11-21T05:04:43.280

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-50163date:2020-09-03T00:00:00
db:VULMONid:CVE-2020-15058date:2020-08-07T00:00:00
db:JVNDBid:JVNDB-2020-009033date:2020-10-15T00:00:00
db:CNNVDid:CNNVD-202008-295date:2020-08-07T00:00:00
db:NVDid:CVE-2020-15058date:2020-08-07T22:15:13.037