Lucene search

[email protected]NVD:CVE-2020-21994

HistoryApr 28, 2021 - 3:15 p.m.

CVE-2020-21994

2021-04-2815:15:07

CWE-522

[email protected]

web.nvd.nist.gov

clear-text

credentials disclosure

ave dominaplus

unauthenticated attacker

xml file

authentication bypass

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.145

Percentile

95.9%

JSON

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file ‘/xml/authClients.xml’ and obtain administrative login information that allows for a successful authentication bypass attack.

Affected configurations

Nvd

Node

avedominaplusRange1.10.11–1.10.77

Node

ave53ab-wbs_firmwareMatch1.10.62

AND

ave53ab-wbsMatch-

Node

avets01_firmwareMatch1.0.65

AND

avets01Match-

Node

avets03x-v_firmwareMatch1.10.45a

AND

avets03x-vMatch-

Node

avets04x-v_firmwareMatch1.10.45a

AND

avets04x-vMatch-

Node

avets05_firmwareMatch1.10.36

AND

avets05Match-

Node

avets05n-v_firmwareMatch-

AND

avets05n-vMatch-

VendorProductVersionCPE
avedominaplus*cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*
ave53ab-wbs_firmware1.10.62cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*
ave53ab-wbs-cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*
avets01_firmware1.0.65cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*
avets01-cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*
avets03x-v_firmware1.10.45acpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*
avets03x-v-cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*
avets04x-v_firmware1.10.45acpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*
avets04x-v-cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*
avets05_firmware1.10.36cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ave	dominaplus	*	cpe:2.3:a:ave:dominaplus::::::::
ave	53ab-wbs_firmware	1.10.62	cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:::::::*
ave	53ab-wbs	-	cpe:2.3:h:ave:53ab-wbs:-:::::::*
ave	ts01_firmware	1.0.65	cpe:2.3:o:ave:ts01_firmware:1.0.65:::::::*
ave	ts01	-	cpe:2.3:h:ave:ts01:-:::::::*
ave	ts03x-v_firmware	1.10.45a	cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:::::::*
ave	ts03x-v	-	cpe:2.3:h:ave:ts03x-v:-:::::::*
ave	ts04x-v_firmware	1.10.45a	cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:::::::*
ave	ts04x-v	-	cpe:2.3:h:ave:ts04x-v:-:::::::*
ave	ts05_firmware	1.10.36	cpe:2.3:o:ave:ts05_firmware:1.10.36:::::::*

Rows per page:

1-10 of 131

References

cwe.mitre.org/data/definitions/522.html

www.exploit-db.com/exploits/47819

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.145

Percentile

95.9%

JSON

Related for NVD:CVE-2020-21994

cvelist1 zeroscience1 prion1 cve1