Details of VAR-202010-1640

ID

VAR-202010-1640

TITLE

Shanghai ZLAN Information Technology Co., Ltd. ZLAN7144N2 has an arbitrary password reset vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-57238

DESCRIPTION

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise that provides industrial IoT solutions. It was established in 2008. Its products include serial server, IoT chips, serial to Ethernet, etc. Shanghai ZLAN Information Technology Co., Ltd. ZLAN7144N2 has an arbitrary password reset vulnerability. An attacker can use the vulnerability to send a specific message to the port through the network to reset the device's password.

Trust: 0.6

sources: CNVD: CNVD-2020-57238

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-57238

AFFECTED PRODUCTS

vendor:

zlan information

model:

zlan7144n2

scope:

version:

1.5.02

Trust: 0.6

sources: CNVD: CNVD-2020-57238

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2020-57238
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-57238
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2020-57238

EXTERNAL IDS

db:

CNVD

id:

CNVD-2020-57238

Trust: 0.6

sources: CNVD: CNVD-2020-57238

SOURCES

db:

CNVD

id:

CNVD-2020-57238

LAST UPDATE DATE

2022-05-04T09:15:41.760000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2020-57238

date:

2020-10-19T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2020-57238

date:

2020-10-19T00:00:00