Lucene search

[email protected]CVE-2020-23588

HistoryNov 23, 2022 - 2:15 a.m.

CVE-2020-23588

2022-11-2302:15:09

CWE-352

[email protected]

web.nvd.nist.gov

cve-2020-23588

optilink

op-xt71000n

csrf

remote attacker

firmware security

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to “Enable or Disable Ports” and to “Change port number” through " /rmtacc.asp ".

Affected configurations

NVD

Node

optilinknetworkop-xt71000n_firmwareMatch3.3.1-191028

AND

optilinknetworkop-xt71000nMatch2.2

CPENameOperatorVersion
optilinknetwork:op-xt71000n_firmwareoptilinknetwork op-xt71000n firmwareeq3.3.1-191028

CPE	Name	Operator	Version
optilinknetwork:op-xt71000n_firmware	optilinknetwork op-xt71000n firmware	eq	3.3.1-191028

References

github.com/huzaifahussain98/CVE-2020-23588

Social References

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

Related for CVE-2020-23588

cvelist1 prion1 nvd1