Lucene search

TwcertCVELIST:CVE-2020-12773

HistoryJun 08, 2020 - 7:20 a.m.

CVE-2020-12773 Realtek ADSL/PON Modem SoC - Security Misconfiguration

2020-06-0807:20:18

twcert

www.cve.org

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

42.0%

JSON

A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.

CNA Affected

[
  {
    "product": "ADSL/PON Modem SoC",
    "vendor": "Realtek",
    "versions": [
      {
        "status": "unknown",
        "version": "0"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-3681-2a3f6-1.html

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

42.0%

JSON

Related for CVELIST:CVE-2020-12773