Details of VAR-202205-0418

ID

VAR-202205-0418

CVE

CVE-2020-23617

TITLE

TOTOLINK of N200RE firmware and N100RE Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-017712

DESCRIPTION

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. TOTOLINK of N200RE firmware and N100RE Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Totolink N200RE and Totolink N100RE are routers from Totolink Corporation

Trust: 2.25

sources: NVD: CVE-2020-23617 // JVNDB: JVNDB-2020-017712 // CNVD: CNVD-2022-54653 // VULMON: CVE-2020-23617

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-54653

AFFECTED PRODUCTS

vendor:	totolink	model:	n100re	scope:	eq	version:	2.0	Trust: 1.0
vendor:	totolink	model:	n200re	scope:	eq	version:	2.0	Trust: 1.0
vendor:	totolink	model:	n200re	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n100re	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	n100re routers	scope:	eq	version:	2.0	Trust: 0.6
vendor:	totolink	model:	n200re routers	scope:	eq	version:	2.0	Trust: 0.6

sources: CNVD: CNVD-2022-54653 // JVNDB: JVNDB-2020-017712 // NVD: CVE-2020-23617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-23617
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-23617
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-54653
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202205-1916
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-23617
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-23617
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-54653
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-23617
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-23617
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-54653 // VULMON: CVE-2020-23617 // JVNDB: JVNDB-2020-017712 // CNNVD: CNNVD-202205-1916 // NVD: CVE-2020-23617

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-017712 // NVD: CVE-2020-23617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-1916

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202205-1916

PATCH

title:	Patch for Totolink N200RE and N100RE Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/342366	Trust: 0.6
title:	Totolink N200RE Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191948	Trust: 0.6

sources: CNVD: CNVD-2022-54653 // CNNVD: CNNVD-202205-1916

EXTERNAL IDS

db:	NVD	id:	CVE-2020-23617	Trust: 3.9
db:	JVNDB	id:	JVNDB-2020-017712	Trust: 0.8
db:	CNVD	id:	CNVD-2022-54653	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-1916	Trust: 0.6
db:	VULMON	id:	CVE-2020-23617	Trust: 0.1

sources: CNVD: CNVD-2022-54653 // VULMON: CVE-2020-23617 // JVNDB: JVNDB-2020-017712 // CNNVD: CNNVD-202205-1916 // NVD: CVE-2020-23617

REFERENCES

url:	http://totolink.net/	Trust: 3.1
url:	https://gist.github.com/fuzzkitty/8ca2587213874e94e5c0aedf346c18b1	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-23617	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2020-23617/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-54653 // VULMON: CVE-2020-23617 // JVNDB: JVNDB-2020-017712 // CNNVD: CNNVD-202205-1916 // NVD: CVE-2020-23617

SOURCES

db:	CNVD	id:	CNVD-2022-54653
db:	VULMON	id:	CVE-2020-23617
db:	JVNDB	id:	JVNDB-2020-017712
db:	CNNVD	id:	CNNVD-202205-1916
db:	NVD	id:	CVE-2020-23617

LAST UPDATE DATE

2024-08-14T15:21:49.977000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-54653	date:	2022-08-02T00:00:00
db:	VULMON	id:	CVE-2020-23617	date:	2022-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-017712	date:	2023-07-31T08:23:00
db:	CNNVD	id:	CNNVD-202205-1916	date:	2022-05-10T00:00:00
db:	NVD	id:	CVE-2020-23617	date:	2022-05-09T22:02:29.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-54653	date:	2022-08-02T00:00:00
db:	VULMON	id:	CVE-2020-23617	date:	2022-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-017712	date:	2023-07-31T00:00:00
db:	CNNVD	id:	CNNVD-202205-1916	date:	2022-05-02T00:00:00
db:	NVD	id:	CVE-2020-23617	date:	2022-05-02T23:15:07.540