Lucene search

MitreCVE-2020-23648

HistoryOct 19, 2022 - 11:15 a.m.

CVE-2020-23648

2022-10-1911:15:09

CWE-306

mitre

web.nvd.nist.gov

asus

rt-n12e

2.0.0.39

incorrect access control

vulnerability

nvd

cve-2020-23648

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.

Affected configurations

Nvd

Node

asusrt-n12eMatch-

AND

asusrt-n12e_firmwareMatch2.0.0.39

VendorProductVersionCPE
asusrt-n12e-cpe:2.3:h:asus:rt-n12e:-:*:*:*:*:*:*:*
asusrt-n12e_firmware2.0.0.39cpe:2.3:o:asus:rt-n12e_firmware:2.0.0.39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	rt-n12e	-	cpe:2.3:h:asus:rt-n12e:-:::::::*
asus	rt-n12e_firmware	2.0.0.39	cpe:2.3:o:asus:rt-n12e_firmware:2.0.0.39:::::::*

References

gist.github.com/ninj4c0d3r/574d2753d469e4ba51dfe555d9c2d4fb

www.asus.com/Networking/RTN12E/HelpDesk_BIOS/

www.shodan.io/search?query=rt-n12e

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

34.6%

JSON

Related for CVE-2020-23648