Details of VAR-202104-0194

ID

VAR-202104-0194

CVE

CVE-2020-28973

TITLE

ABUS Secvest FUAA50000 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-36600 // CNNVD: CNNVD-202104-1598

DESCRIPTION

The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system. ABUS Secvest FUAA50000 is a wireless remote control made by ABUS in Germany. ABUS Secvest FUAA50000 version 3.01.17 has an information disclosure vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2020-28973 // CNVD: CNVD-2021-36600 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-28973

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-36600

AFFECTED PRODUCTS

vendor:	abus	model:	secvest wireless alarm system fuaa50000	scope:	eq	version:	3.01.17	Trust: 1.0
vendor:	abus	model:	secvest fuaa50000	scope:	eq	version:	3.01.17	Trust: 0.6

sources: CNVD: CNVD-2021-36600 // NVD: CVE-2020-28973

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-28973
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-36600
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1598
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-28973
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-28973
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-36600
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-28973
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-36600 // VULMON: CVE-2020-28973 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1598 // NVD: CVE-2020-28973

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.0

sources: NVD: CVE-2020-28973

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1598

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Patch for ABUS Secvest FUAA50000 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/266756	Trust: 0.6
title:	ABUS Secvest FUAA50000 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148732	Trust: 0.6

sources: CNVD: CNVD-2021-36600 // CNNVD: CNNVD-202104-1598

EXTERNAL IDS

db:	NVD	id:	CVE-2020-28973	Trust: 2.3
db:	CNVD	id:	CNVD-2021-36600	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042601	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1598	Trust: 0.6
db:	VULMON	id:	CVE-2020-28973	Trust: 0.1

sources: CNVD: CNVD-2021-36600 // VULMON: CVE-2020-28973 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1598 // NVD: CVE-2020-28973

REFERENCES

url:	https://eye.security/en/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28973	Trust: 1.2
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042601	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-36600 // VULMON: CVE-2020-28973 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1598 // NVD: CVE-2020-28973

SOURCES

db:	CNVD	id:	CNVD-2021-36600
db:	VULMON	id:	CVE-2020-28973
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1598
db:	NVD	id:	CVE-2020-28973

LAST UPDATE DATE

2024-11-23T20:16:05.184000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-36600	date:	2021-05-24T00:00:00
db:	VULMON	id:	CVE-2020-28973	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1598	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2020-28973	date:	2024-11-21T05:23:25.210

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-36600	date:	2021-05-24T00:00:00
db:	VULMON	id:	CVE-2020-28973	date:	2021-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1598	date:	2021-04-21T00:00:00
db:	NVD	id:	CVE-2020-28973	date:	2021-04-21T19:15:35.783