CVE-2020-35757

CRITICAL

9.8

Description

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie5/3/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

librewireless:ls9librewireless:ls9_firmware

Faiblesses (CWE)

CWE-306

References

https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/(cve@mitre.org)

https://www.iot-inspector.com/blog/advisory-multiple-issues-libre-wireless-ls9/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.