Details of VAR-202101-0228

ID

VAR-202101-0228

CVE

CVE-2020-26732

TITLE

Skyworth GN542VF Boa Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2020-015463

DESCRIPTION

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. Skyworth GN542VF Boa There is a vulnerability in the lack of encryption of critical data.Information may be obtained. Skyworth Gn542vf is a network TV equipment of China Skyworth Company. Attackers can use the vulnerability to capture session cookies

Trust: 2.25

sources: NVD: CVE-2020-26732 // JVNDB: JVNDB-2020-015463 // CNVD: CNVD-2021-06537 // VULMON: CVE-2020-26732

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-06537

AFFECTED PRODUCTS

vendor:	skyworth	model:	gn542vf boa	scope:	eq	version:	0.94.13	Trust: 1.6
vendor:	skyworth digital holdings	model:	gn542vf boa	scope:	eq	version:	gn542vf boa firmware 0.94.13	Trust: 0.8
vendor:	skyworth digital holdings	model:	gn542vf boa	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-06537 // JVNDB: JVNDB-2020-015463 // NVD: CVE-2020-26732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-26732
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2020-26732
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-26732
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-06537
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202101-1144
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-26732
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-26732
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-06537
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-26732
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-26732
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-06537 // VULMON: CVE-2020-26732 // JVNDB: JVNDB-2020-015463 // CNNVD: CNNVD-202101-1144 // NVD: CVE-2020-26732 // NVD: CVE-2020-26732

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.0
problemtype:	Lack of encryption of critical data (CWE-311) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-015463 // NVD: CVE-2020-26732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1144

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1144

PATCH

title:	Top Page	url:	https://www.skyworthdigital.com/	Trust: 0.8
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2020-26732	Trust: 0.1
title:	CVE-2020-26732	url:	https://github.com/swzhouu/CVE-2020-26732	Trust: 0.1
title:	PoC	url:	https://github.com/Jonathan-Elias/PoC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2020-26732 // JVNDB: JVNDB-2020-015463

EXTERNAL IDS

db:	NVD	id:	CVE-2020-26732	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-015463	Trust: 0.8
db:	CNVD	id:	CNVD-2021-06537	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1144	Trust: 0.6
db:	VULMON	id:	CVE-2020-26732	Trust: 0.1

sources: CNVD: CNVD-2021-06537 // VULMON: CVE-2020-26732 // JVNDB: JVNDB-2020-015463 // CNNVD: CNNVD-202101-1144 // NVD: CVE-2020-26732

REFERENCES

url:	https://github.com/swzhouu/cve-2020-26732	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-26732	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2020-26732	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-06537 // VULMON: CVE-2020-26732 // JVNDB: JVNDB-2020-015463 // CNNVD: CNNVD-202101-1144 // NVD: CVE-2020-26732

SOURCES

db:	CNVD	id:	CNVD-2021-06537
db:	VULMON	id:	CVE-2020-26732
db:	JVNDB	id:	JVNDB-2020-015463
db:	CNNVD	id:	CNNVD-202101-1144
db:	NVD	id:	CVE-2020-26732

LAST UPDATE DATE

2024-11-23T22:58:05.156000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-06537	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2020-26732	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-015463	date:	2021-09-27T06:46:00
db:	CNNVD	id:	CNNVD-202101-1144	date:	2022-07-06T00:00:00
db:	NVD	id:	CVE-2020-26732	date:	2024-11-21T05:20:16.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-06537	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2020-26732	date:	2021-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-015463	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1144	date:	2021-01-14T00:00:00
db:	NVD	id:	CVE-2020-26732	date:	2021-01-14T16:15:17.740