Details of VAR-202008-0615

ID

VAR-202008-0615

CVE

CVE-2020-15062

TITLE

DIGITUS DA-70254 4-Port Gigabit Network Hub Inadequate protection of credentials on devices Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-009037

DESCRIPTION

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. (DoS) It may be put into a state. Assmann Electronic DIGITUS DA-70254 4-Port Gigabit Network Hub is a gigabit network hub made by Assmann Electronic in Germany. Attackers can use this vulnerability by sniffing unencrypted UDP traffic to obtain management passwords and increase their authority

Trust: 2.16

sources: NVD: CVE-2020-15062 // JVNDB: JVNDB-2020-009037 // CNVD: CNVD-2020-46792

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['home & office device']	sub_category:	printer	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-46792

AFFECTED PRODUCTS

vendor:	digitus	model:	da-70254	scope:	eq	version:	2.073.000.e0008	Trust: 1.8
vendor:	digitus	model:	da-70254 2.073.000.e0008	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-46792 // JVNDB: JVNDB-2020-009037 // NVD: CVE-2020-15062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15062
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-009037
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-46792
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202008-302
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-15062
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009037
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-46792
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15062
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009037
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-46792 // JVNDB: JVNDB-2020-009037 // CNNVD: CNNVD-202008-302 // NVD: CVE-2020-15062

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.8
problemtype:	CWE-319	Trust: 1.0

sources: JVNDB: JVNDB-2020-009037 // NVD: CVE-2020-15062

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-302

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009037

PATCH

title:

Archivartikel | DIGITUS USB 2.0 4-Port Gigabit Netzwerk Hub

url:

https://www.digitus.info/de/produkte/archiv/da-70254

Trust: 0.8

sources: JVNDB: JVNDB-2020-009037

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15062	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-009037	Trust: 0.8
db:	CNVD	id:	CNVD-2020-46792	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-302	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-46792 // JVNDB: JVNDB-2020-009037 // CNNVD: CNNVD-202008-302 // NVD: CVE-2020-15062

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-15062	Trust: 2.0
url:	https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers/	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15062	Trust: 0.8
url:	https://research.hisolutions.com/2020/07/high-impact-vulnerabilites-in-multiple-usb-network-servers/	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2020-46792 // JVNDB: JVNDB-2020-009037 // CNNVD: CNNVD-202008-302 // NVD: CVE-2020-15062

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2020-46792
db:	JVNDB	id:	JVNDB-2020-009037
db:	CNNVD	id:	CNNVD-202008-302
db:	NVD	id:	CVE-2020-15062

LAST UPDATE DATE

2025-01-30T22:18:23.127000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-46792	date:	2020-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009037	date:	2020-10-15T00:00:00
db:	CNNVD	id:	CNNVD-202008-302	date:	2020-08-10T00:00:00
db:	NVD	id:	CVE-2020-15062	date:	2024-11-21T05:04:43.903

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-46792	date:	2020-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2020-009037	date:	2020-10-15T00:00:00
db:	CNNVD	id:	CNNVD-202008-302	date:	2020-08-07T00:00:00
db:	NVD	id:	CVE-2020-15062	date:	2020-08-07T22:15:13.273