Sign-up

ID

VAR-202012-0084


CVE

CVE-2020-10207


TITLE

plural  Amino Communications  Product vulnerabilities to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2020-015301

DESCRIPTION

Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings. plural Amino Communications The product contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-10207 // JVNDB: JVNDB-2020-015301

AFFECTED PRODUCTS

vendor:aminomodel:ak5xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:kami7bscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak65xscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak45xscope:eqversion: -

Trust: 1.0

vendor:aminomodel:aria6xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:aria7xxscope:eqversion: -

Trust: 1.0

vendor:aminomodel:ak45xscope: - version: -

Trust: 0.8

vendor:aminomodel:aria6xxscope: - version: -

Trust: 0.8

vendor:aminomodel:ak5xxscope: - version: -

Trust: 0.8

vendor:aminomodel:kami7bscope: - version: -

Trust: 0.8

vendor:aminomodel:ak65xscope: - version: -

Trust: 0.8

vendor:aminomodel:aria7xxscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-015301 // NVD: CVE-2020-10207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10207
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-10207
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-1761
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-10207
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-10207
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-10207
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-015301 // CNNVD: CNNVD-202012-1761 // NVD: CVE-2020-10207

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Using hardcoded credentials (CWE-798) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-015301 // NVD: CVE-2020-10207

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1761

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202012-1761

PATCH

title:Top Pageurl:https://www.amino.tv/

Trust: 0.8

title:Multiple Amino Repair measures for product trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138140

Trust: 0.6

sources: JVNDB: JVNDB-2020-015301 // CNNVD: CNNVD-202012-1761

EXTERNAL IDS

db:NVDid:CVE-2020-10207

Trust: 2.4

db:JVNDBid:JVNDB-2020-015301

Trust: 0.8

db:CNNVDid:CNNVD-202012-1761

Trust: 0.6

sources: JVNDB: JVNDB-2020-015301 // CNNVD: CNNVD-202012-1761 // NVD: CVE-2020-10207

REFERENCES

url:https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#87fe

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-10207

Trust: 0.8

sources: JVNDB: JVNDB-2020-015301 // CNNVD: CNNVD-202012-1761 // NVD: CVE-2020-10207

SOURCES

db:JVNDBid:JVNDB-2020-015301
db:CNNVDid:CNNVD-202012-1761
db:NVDid:CVE-2020-10207

LAST UPDATE DATE

2024-11-23T22:47:48.905000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-015301date:2021-09-16T07:56:00
db:CNNVDid:CNNVD-202012-1761date:2021-01-20T00:00:00
db:NVDid:CVE-2020-10207date:2024-11-21T04:54:57.850

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-015301date:2021-09-16T00:00:00
db:CNNVDid:CNNVD-202012-1761date:2020-12-29T00:00:00
db:NVDid:CVE-2020-10207date:2020-12-29T23:15:12.190