Lucene search

[email protected]CVE-2020-11949

HistoryMay 28, 2020 - 1:15 p.m.

CVE-2020-11949

2020-05-2813:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

116

vivotek

network cameras

testserver.cgi

vulnerability

it9388-ht

cve-2020-11949

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%

JSON

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera’s local filesystem. For example, this affects IT9388-HT devices.

CPENameOperatorVersion
vivotek:cc9381-hv_firmwarevivotek cc9381-hv firmwarele0222g
vivotek:fd9360-h_firmwarevivotek fd9360-h firmwarele0222g
vivotek:fd9368-htv_firmwarevivotek fd9368-htv firmwarele0222g
vivotek:fd9380-h_firmwarevivotek fd9380-h firmwarele0222g
vivotek:fd9388-htv_firmwarevivotek fd9388-htv firmwarele0222g
vivotek:ib9360-h_firmwarevivotek ib9360-h firmwarele0222g
vivotek:ib9368-ht_firmwarevivotek ib9368-ht firmwarele0222g
vivotek:ib9380-h_firmwarevivotek ib9380-h firmwarele0222g
vivotek:ib9388-ht_firmwarevivotek ib9388-ht firmwarele0222g
vivotek:it9360-h_firmwarevivotek it9360-h firmwarele0222g

CPE	Name	Operator	Version
vivotek:cc9381-hv_firmware	vivotek cc9381-hv firmware	le	0222g
vivotek:fd9360-h_firmware	vivotek fd9360-h firmware	le	0222g
vivotek:fd9368-htv_firmware	vivotek fd9368-htv firmware	le	0222g
vivotek:fd9380-h_firmware	vivotek fd9380-h firmware	le	0222g
vivotek:fd9388-htv_firmware	vivotek fd9388-htv firmware	le	0222g
vivotek:ib9360-h_firmware	vivotek ib9360-h firmware	le	0222g
vivotek:ib9368-ht_firmware	vivotek ib9368-ht firmware	le	0222g
vivotek:ib9380-h_firmware	vivotek ib9380-h firmware	le	0222g
vivotek:ib9388-ht_firmware	vivotek ib9388-ht firmware	le	0222g
vivotek:it9360-h_firmware	vivotek it9360-h firmware	le	0222g

Rows per page:

1-10 of 1941

References

download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for CVE-2020-11949

cvelist1 prion1