Details of VAR-202103-0135

ID

VAR-202103-0135

CVE

CVE-2020-19639

TITLE

INSMA Wifi Mini Spy 1080P HD Security IP Camera cross-site request forgery vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-28360 // CNNVD: CNNVD-202103-1632

DESCRIPTION

Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. Attackers can use this vulnerability to access the web through all fields

Trust: 2.25

sources: NVD: CVE-2020-19639 // JVNDB: JVNDB-2020-016401 // CNVD: CNVD-2021-28360 // VULMON: CVE-2020-19639

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	IP camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-28360

AFFECTED PRODUCTS

vendor:	insma	model:	wifi mini spy 1080p hd security ip camera	scope:	eq	version:	1.9.7b	Trust: 1.0
vendor:	insma	model:	wifi mini spy 1080p hd security ip camera	scope:	eq	version:	wifi mini spy 1080p hd security ip camera firmware 1.9.7 b	Trust: 0.8
vendor:	insma	model:	wifi mini spy 1080p hd security ip camera	scope:	eq	version:	-	Trust: 0.8
vendor:	insma	model:	wifi mini spy 1080p hd security ip camera b	scope:	eq	version:	1.9.7	Trust: 0.6

sources: CNVD: CNVD-2021-28360 // JVNDB: JVNDB-2020-016401 // NVD: CVE-2020-19639

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-19639
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-19639
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-28360
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1632
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-19639
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-19639
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-28360
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-19639
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-19639
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-28360 // VULMON: CVE-2020-19639 // JVNDB: JVNDB-2020-016401 // CNNVD: CNNVD-202103-1632 // NVD: CVE-2020-19639

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site request forgery (CWE-352) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-016401 // NVD: CVE-2020-19639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1632

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202103-1632

PATCH

title:	Top Page	url:	https://www.insma.company/	Trust: 0.8
title:	INSMA Wifi Mini Spy 1080P HD Security IP Camera Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146190	Trust: 0.6

sources: JVNDB: JVNDB-2020-016401 // CNNVD: CNNVD-202103-1632

EXTERNAL IDS

db:	NVD	id:	CVE-2020-19639	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-016401	Trust: 0.8
db:	CNVD	id:	CNVD-2021-28360	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1632	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-19639	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-28360 // VULMON: CVE-2020-19639 // JVNDB: JVNDB-2020-016401 // CNNVD: CNNVD-202103-1632 // NVD: CVE-2020-19639

REFERENCES

url:	https://xn--sb-lka.org/cve/insma.txt	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-19639	Trust: 2.0
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-28360 // VULMON: CVE-2020-19639 // JVNDB: JVNDB-2020-016401 // CNNVD: CNNVD-202103-1632 // NVD: CVE-2020-19639

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-28360
db:	VULMON	id:	CVE-2020-19639
db:	JVNDB	id:	JVNDB-2020-016401
db:	CNNVD	id:	CNNVD-202103-1632
db:	NVD	id:	CVE-2020-19639

LAST UPDATE DATE

2025-01-30T20:53:36.271000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-28360	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2020-19639	date:	2021-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-016401	date:	2021-12-01T08:32:00
db:	CNNVD	id:	CNNVD-202103-1632	date:	2021-04-02T00:00:00
db:	NVD	id:	CVE-2020-19639	date:	2024-11-21T05:09:17.210

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-28360	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2020-19639	date:	2021-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-016401	date:	2021-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202103-1632	date:	2021-03-29T00:00:00
db:	NVD	id:	CVE-2020-19639	date:	2021-03-30T03:15:13.250