Sign-up

ID

VAR-202009-0800


CVE

CVE-2020-25748


TITLE

plural  Rubetek  Vulnerability in plaintext transmission of important information in cameras

Trust: 0.8

sources: JVNDB: JVNDB-2020-011962

DESCRIPTION

A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values. Rubetek RV-3406 , RV-3409 , RV-3411 Cameras contain a vulnerability in the transmission of important information in clear text.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-25748 // JVNDB: JVNDB-2020-011962 // VULMON: CVE-2020-25748

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:rubetekmodel:rv-3409scope:eqversion:342

Trust: 1.0

vendor:rubetekmodel:rv-3411scope:eqversion:342

Trust: 1.0

vendor:rubetekmodel:rv-3411scope:eqversion:339

Trust: 1.0

vendor:rubetekmodel:rv-3406scope:eqversion:342

Trust: 1.0

vendor:rubetekmodel:rv-3409scope:eqversion:339

Trust: 1.0

vendor:rubetekmodel:rv-3406scope:eqversion:339

Trust: 1.0

vendor:rubetekmodel:rv-3406scope: - version: -

Trust: 0.8

vendor:rubetekmodel:rv-3409scope: - version: -

Trust: 0.8

vendor:rubetekmodel:rv-3411scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011962 // NVD: CVE-2020-25748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25748
value: HIGH

Trust: 1.0

NVD: CVE-2020-25748
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202009-1541
value: HIGH

Trust: 0.6

VULMON: CVE-2020-25748
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-25748
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-25748
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25748
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25748 // JVNDB: JVNDB-2020-011962 // CNNVD: CNNVD-202009-1541 // NVD: CVE-2020-25748

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011962 // NVD: CVE-2020-25748

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1541

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-1541

PATCH

title:Top Pageurl:https://rubetek.com/

Trust: 0.8

title:CVE-2020-25748url:https://github.com/jet-pentest/CVE-2020-25748

Trust: 0.1

title:PoCurl:https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-25748 // JVNDB: JVNDB-2020-011962

EXTERNAL IDS

db:NVDid:CVE-2020-25748

Trust: 2.6

db:JVNDBid:JVNDB-2020-011962

Trust: 0.8

db:CNNVDid:CNNVD-202009-1541

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-25748

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25748 // JVNDB: JVNDB-2020-011962 // CNNVD: CNNVD-202009-1541 // NVD: CVE-2020-25748

REFERENCES

url:https://github.com/jet-pentest/cve-2020-25748

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25748

Trust: 1.4

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25748 // JVNDB: JVNDB-2020-011962 // CNNVD: CNNVD-202009-1541 // NVD: CVE-2020-25748

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-25748
db:JVNDBid:JVNDB-2020-011962
db:CNNVDid:CNNVD-202009-1541
db:NVDid:CVE-2020-25748

LAST UPDATE DATE

2025-01-30T21:39:15.062000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-25748date:2020-10-08T00:00:00
db:JVNDBid:JVNDB-2020-011962date:2021-04-20T08:27:00
db:CNNVDid:CNNVD-202009-1541date:2020-10-09T00:00:00
db:NVDid:CVE-2020-25748date:2024-11-21T05:18:39.040

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-25748date:2020-09-25T00:00:00
db:JVNDBid:JVNDB-2020-011962date:2021-04-20T00:00:00
db:CNNVDid:CNNVD-202009-1541date:2020-09-25T00:00:00
db:NVDid:CVE-2020-25748date:2020-09-25T04:23:05.107