Sign-up

ID

VAR-202201-1407


CVE

CVE-2020-14110


TITLE

AX3600  Incorrect Authentication Vulnerability in Routers

Trust: 0.8

sources: JVNDB: JVNDB-2022-003456

DESCRIPTION

AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. AX3600 Routers contain an incorrect authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2020-14110 // JVNDB: JVNDB-2022-003456

AFFECTED PRODUCTS

vendor:mimodel:ax3600scope:ltversion:1.0.67

Trust: 1.0

vendor:xiaomimodel:ax3600scope: - version: -

Trust: 0.8

vendor:xiaomimodel:ax3600scope:eqversion:ax3600 firmware

Trust: 0.8

vendor:xiaomimodel:ax3600scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003456 // NVD: CVE-2020-14110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14110
value: HIGH

Trust: 1.0

NVD: CVE-2020-14110
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-1529
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-14110
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-14110
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-14110
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-003456 // CNNVD: CNNVD-202201-1529 // NVD: CVE-2020-14110

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003456 // NVD: CVE-2020-14110

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1529

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-1529

PATCH

title:Top Pageurl:https://www.mi.com/global/

Trust: 0.8

title:AX3600 router Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179430

Trust: 0.6

sources: JVNDB: JVNDB-2022-003456 // CNNVD: CNNVD-202201-1529

EXTERNAL IDS

db:NVDid:CVE-2020-14110

Trust: 3.2

db:JVNDBid:JVNDB-2022-003456

Trust: 0.8

db:CNNVDid:CNNVD-202201-1529

Trust: 0.6

sources: JVNDB: JVNDB-2022-003456 // CNNVD: CNNVD-202201-1529 // NVD: CVE-2020-14110

REFERENCES

url:https://trust.mi.com/zh-cn/misrc/bulletins/advisory?cveid=40

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-14110

Trust: 1.4

sources: JVNDB: JVNDB-2022-003456 // CNNVD: CNNVD-202201-1529 // NVD: CVE-2020-14110

SOURCES

db:JVNDBid:JVNDB-2022-003456
db:CNNVDid:CNNVD-202201-1529
db:NVDid:CVE-2020-14110

LAST UPDATE DATE

2024-08-14T15:27:27.601000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-003456date:2023-02-20T02:28:00
db:CNNVDid:CNNVD-202201-1529date:2022-03-10T00:00:00
db:NVDid:CVE-2020-14110date:2022-01-24T17:43:54.230

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-003456date:2023-02-20T00:00:00
db:CNNVDid:CNNVD-202201-1529date:2022-01-18T00:00:00
db:NVDid:CVE-2020-14110date:2022-01-18T17:15:08.207