Details of VAR-202106-2082

ID

VAR-202106-2082

TITLE

Damai box DM4036 has a command execution vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-33230

DESCRIPTION

Damai Technology Development Co., Ltd. is a wholly-owned subsidiary of Damai Technology-Dr. Peng Group. Based on the broad coverage of the group's broadband business, Damai Technology Development Co., Ltd. is committed to the development and application of all-round smart terminal products for users' future work and life. Damai box DM4036 has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.

Trust: 0.6

sources: CNVD: CNVD-2021-33230

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-33230

AFFECTED PRODUCTS

vendor:

damai

model:

box dm4036 pb.70.51.01 /5.1.1 /34240|11

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2021-33230

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2021-33230
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2021-33230
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2021-33230

EXTERNAL IDS

db:

CNVD

id:

CNVD-2021-33230

Trust: 0.6

sources: CNVD: CNVD-2021-33230

SOURCES

db:

CNVD

id:

CNVD-2021-33230

LAST UPDATE DATE

2022-05-04T10:25:20.944000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2021-33230

date:

2021-05-08T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2021-33230

date:

2021-06-03T00:00:00