← Voltar para CVEs
CVE-2020-11967
CRITICAL9.8
Descricao
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/21/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
evenroute:iqrouterevenroute:iqrouter_firmware
Fraquezas (CWE)
CWE-862
Referencias
https://evenroute.com/(cve@mitre.org)
https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-(cve@mitre.org)
https://openwrt.org/docs/guide-quick-start/walkthrough_login(cve@mitre.org)
https://pastebin.com/grSCSBSu(cve@mitre.org)
https://evenroute.com/(af854a3a-2127-422b-91ae-364da2661108)
https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-(af854a3a-2127-422b-91ae-364da2661108)
https://openwrt.org/docs/guide-quick-start/walkthrough_login(af854a3a-2127-422b-91ae-364da2661108)
https://pastebin.com/grSCSBSu(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.