Lucene search

[email protected]NVD:CVE-2020-23648

HistoryOct 19, 2022 - 11:15 a.m.

CVE-2020-23648

2022-10-1911:15:09

CWE-306

[email protected]

web.nvd.nist.gov

asus rt-n12e

access control

vulnerability

administrator password

authentication

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.6%

JSON

Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication.

Affected configurations

Nvd

Node

asusrt-n12eMatch-

AND

asusrt-n12e_firmwareMatch2.0.0.39

VendorProductVersionCPE
asusrt-n12e-cpe:2.3:h:asus:rt-n12e:-:*:*:*:*:*:*:*
asusrt-n12e_firmware2.0.0.39cpe:2.3:o:asus:rt-n12e_firmware:2.0.0.39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
asus	rt-n12e	-	cpe:2.3:h:asus:rt-n12e:-:::::::*
asus	rt-n12e_firmware	2.0.0.39	cpe:2.3:o:asus:rt-n12e_firmware:2.0.0.39:::::::*

References

gist.github.com/ninj4c0d3r/574d2753d469e4ba51dfe555d9c2d4fb

www.asus.com/Networking/RTN12E/HelpDesk_BIOS/

www.shodan.io/search?query=rt-n12e

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.6%

JSON

Related for NVD:CVE-2020-23648

prion1 cvelist1 cve1