Lucene search

[email protected]CVE-2020-8090

HistoryJan 27, 2020 - 10:15 p.m.

CVE-2020-8090

2020-01-2722:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-8090

username field

storage service settings

a1 wlan box

adb vv2220v2

xss

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).

Affected configurations

NVD

Node

a1wlan_box_adb_vv2220_firmwareMatch-

AND

a1wlan_box_adb_vv2220Match2

CPENameOperatorVersion
a1:wlan_box_adb_vv2220_firmwarea1 wlan box adb vv2220 firmwareeq-

CPE	Name	Operator	Version
a1:wlan_box_adb_vv2220_firmware	a1 wlan box adb vv2220 firmware	eq	-

References

sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVE-2020-8090

nvd1 cvelist1 prion1