ID

VAR-202009-0799


CVE

CVE-2020-25747


TITLE

Authentication vulnerability in multiple Rubetek cameras

Trust: 0.8

sources: JVNDB: JVNDB-2020-011961

DESCRIPTION

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings. Rubetek RV-3406, RV-3409, and RV-3411 cameras contain an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-25747 // JVNDB: JVNDB-2020-011961 // VULMON: CVE-2020-25747

IOT TAXONOMY

category: ['camera device'], sub_category: camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: rubetek, model: rv-3409, scope: eq, version: 342

Trust: 1.0

vendor: rubetek, model: rv-3411, scope: eq, version: 342

Trust: 1.0

vendor: rubetek, model: rv-3411, scope: eq, version: 339

Trust: 1.0

vendor: rubetek, model: rv-3406, scope: eq, version: 342

Trust: 1.0

vendor: rubetek, model: rv-3409, scope: eq, version: 339

Trust: 1.0

vendor: rubetek, model: rv-3406, scope: eq, version: 339

Trust: 1.0

vendor: rubetek, model: rv-3406, scope: -, version: -

Trust: 0.8

vendor: rubetek, model: rv-3409, scope: -, version: -

Trust: 0.8

vendor: rubetek, model: rv-3411, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011961 // NVD: CVE-2020-25747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25747
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25747
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202009-1543
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-25747
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-25747
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-25747
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2020-25747
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25747 // JVNDB: JVNDB-2020-011961 // CNNVD: CNNVD-202009-1543 // NVD: CVE-2020-25747

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011961 // NVD: CVE-2020-25747

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1543

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-1543

PATCH

title: Top Page, url: https://rubetek.com/

Trust: 0.8

title: CVE-2020-25747, url: https://github.com/jet-pentest/CVE-2020-25747

Trust: 0.1

title: PoC, url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-25747 // JVNDB: JVNDB-2020-011961

EXTERNAL IDS

db: NVD, id: CVE-2020-25747

Trust: 2.6

db: JVNDB, id: JVNDB-2020-011961

Trust: 0.8

db: CNNVD, id: CNNVD-202009-1543

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2020-25747

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25747 // JVNDB: JVNDB-2020-011961 // CNNVD: CNNVD-202009-1543 // NVD: CVE-2020-25747

REFERENCES

url:https://github.com/jet-pentest/cve-2020-25747

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25747

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25747 // JVNDB: JVNDB-2020-011961 // CNNVD: CNNVD-202009-1543 // NVD: CVE-2020-25747

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2020-25747
db: JVNDB, id: JVNDB-2020-011961
db: CNNVD, id: CNNVD-202009-1543
db: NVD, id: CVE-2020-25747

LAST UPDATE DATE

2025-01-30T22:07:31.864000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-25747, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-011961, date: 2021-04-20T08:27:00
db: CNNVD, id: CNNVD-202009-1543, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2020-25747, date: 2024-11-21T05:18:38.827

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-25747, date: 2020-09-25T00:00:00
db: JVNDB, id: JVNDB-2020-011961, date: 2021-04-20T00:00:00
db: CNNVD, id: CNNVD-202009-1543, date: 2020-09-25T00:00:00
db: NVD, id: CVE-2020-25747, date: 2020-09-25T04:23:05.027