ID

VAR-202012-0308


CVE

CVE-2020-25011


TITLE

Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers: Vulnerability in improper permission assignment for critical resources in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-014717

DESCRIPTION

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers, Software Version: R0002.P05, allows remote attackers to obtain the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser. KPS2204 is a programmable protocol converter specially developed for serial device networking applications. The Beijing Dongtu Technology Co., Ltd. KPS2204 has an information disclosure vulnerability, which can be exploited by attackers to obtain sensitive information.

Trust: 2.16

sources: NVD: CVE-2020-25011 // JVNDB: JVNDB-2020-014717 // CNVD: CNVD-2020-55988

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-55988

AFFECTED PRODUCTS

vendor: kyland, model: kps2204 6 port managed din-rail programmable serial device, scope: eq, version: r0002.p05

Trust: 1.0

vendor: kyland, model: kps2204 6 port managed din-rail programmable serial device, scope: eq, version: -

Trust: 0.8

vendor: kyland, model: kps2204 6 port managed din-rail programmable serial device, scope: eq, version: kps2204 6 port managed din-rail programmable serial device firmware r0002.p05

Trust: 0.8

vendor: dongtu, model: kps2204, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-55988 // JVNDB: JVNDB-2020-014717 // NVD: CVE-2020-25011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25011
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-25011
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-55988
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202012-1235
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-25011
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-55988
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-25011
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-25011
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-55988 // JVNDB: JVNDB-2020-014717 // CNNVD: CNNVD-202012-1235 // NVD: CVE-2020-25011

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014717 // NVD: CVE-2020-25011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-1235

PATCH

title: Top Page, url: https://www.kyland.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-014717

EXTERNAL IDS

db: NVD, id: CVE-2020-25011

Trust: 2.4

db: CNVD, id: CNVD-2020-55988

Trust: 2.2

db: JVNDB, id: JVNDB-2020-014717

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1235

Trust: 0.6

sources: CNVD: CNVD-2020-55988 // JVNDB: JVNDB-2020-014717 // CNNVD: CNNVD-202012-1235 // NVD: CVE-2020-25011

REFERENCES

url: https://github.com/anfieldqi/cve_list/blob/master/cve-2020-25011.md

Trust: 2.4

url: https://www.cnvd.org.cn/flaw/show/cnvd-2020-55988

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-25011

Trust: 1.4

sources: JVNDB: JVNDB-2020-014717 // CNNVD: CNNVD-202012-1235 // NVD: CVE-2020-25011

SOURCES

db: CNVD, id: CNVD-2020-55988
db: JVNDB, id: JVNDB-2020-014717
db: CNNVD, id: CNNVD-202012-1235
db: NVD, id: CVE-2020-25011

LAST UPDATE DATE

2024-11-23T21:35:02.632000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-55988, date: 2020-10-13T00:00:00
db: JVNDB, id: JVNDB-2020-014717, date: 2021-08-27T07:24:00
db: CNNVD, id: CNNVD-202012-1235, date: 2020-12-24T00:00:00
db: NVD, id: CVE-2020-25011, date: 2024-11-21T05:16:29.430

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-55988, date: 2020-10-11T00:00:00
db: JVNDB, id: JVNDB-2020-014717, date: 2021-08-27T00:00:00
db: CNNVD, id: CNNVD-202012-1235, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-25011, date: 2020-12-17T04:15:12.793