Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:89224521
HistoryApr 08, 2020 - 12:00 a.m.

JVN#89224521: Multiple vulnerabilities in EasyBlocks IPv6

2020-04-0800:00:00
Japan Vulnerability Notes
jvn.jp
44

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.4%

JSON

EasyBlocks IPv6 provided by Plat’Home Co., Ltd. contains multiple vulnerabilities listed below.

Cross site request forgery(CWE-352) - CVE-2020-5549

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6

Session fixation (CWE-384) - CVE-2020-5550

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Base Score: 4.2
CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:N Base Score: 4.0

Impact

  • If a user views a malicious page while logged in the management console, unintended operations may be performed - CVE-2020-5549
  • A remote attacker impersonating a registered user may log in the management console. As a result, information may be altered/disclosed. - CVE-2020-5550

Solution

Update the Firmware
Update to the latest version according to the information provided by the developer.

Apply a Workaround
Blocking access from untrusted network or host to port 880 may mitigate the impacts of this vulnerability.

Products Affected

  • EasyBlocks IPv6 Ver. 2.0.1 and earlier
  • EasyBlocks IPv6 Enterprise Ver. 2.0.1 and earlier

Related

nvd 2
cve 2
prion 2
cvelist 2
nvd
nvd
CVE-2020-5550
2020-04-08 08:15:12
CVE-2020-5549
2020-04-08 08:15:12
cve
cve
CVE-2020-5550
2020-04-08 08:15:12
CVE-2020-5549
2020-04-08 08:15:12
prion
prion
Session fixation
2020-04-08 08:15:00
Cross site request forgery (csrf)
2020-04-08 08:15:00
cvelist
cvelist
CVE-2020-5550
2020-04-08 07:50:23
CVE-2020-5549
2020-04-08 07:50:23

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

79.4%

JSON
Related for JVN:89224521
nvd2cve2prion2cvelist2