NVD:CVE-2020-25749
Sep 25, 2020 - 4:23 a.m.

CVE-2020-25749

2020-09-25 04:23:05
CWE-798
web.nvd.nist.gov
5
rubetek cameras
telnet service
remote attacker
full control
high-privileged account
static password
firmware vulnerability

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.009
Percentile: 82.4%

The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled, and this password cannot be changed via standard functionality.

Affected configurations

Nvd

Node
  rubetek  rv-3406_firmware  Match 339
  OR
  rubetek  rv-3406_firmware  Match 342
  AND
  rubetek  rv-3406  Match -

Node
  rubetek  rv-3409_firmware  Match 339
  OR
  rubetek  rv-3409_firmware  Match 342
  AND
  rubetek  rv-3409  Match -

Node
  rubetek  rv-3411_firmware  Match 339
  OR
  rubetek  rv-3411_firmware  Match 342
  AND
  rubetek  rv-3411  Match -

Vendor   Product           Version  CPE
rubetek  rv-3406_firmware  339      cpe:2.3:o:rubetek:rv-3406_firmware:339:*:*:*:*:*:*:*
rubetek  rv-3406_firmware  342      cpe:2.3:o:rubetek:rv-3406_firmware:342:*:*:*:*:*:*:*
rubetek  rv-3406           -        cpe:2.3:h:rubetek:rv-3406:-:*:*:*:*:*:*:*
rubetek  rv-3409_firmware  339      cpe:2.3:o:rubetek:rv-3409_firmware:339:*:*:*:*:*:*:*
rubetek  rv-3409_firmware  342      cpe:2.3:o:rubetek:rv-3409_firmware:342:*:*:*:*:*:*:*
rubetek  rv-3409           -        cpe:2.3:h:rubetek:rv-3409:-:*:*:*:*:*:*:*
rubetek  rv-3411_firmware  339      cpe:2.3:o:rubetek:rv-3411_firmware:339:*:*:*:*:*:*:*
rubetek  rv-3411_firmware  342      cpe:2.3:o:rubetek:rv-3411_firmware:342:*:*:*:*:*:*:*
rubetek  rv-3411           -        cpe:2.3:h:rubetek:rv-3411:-:*:*:*:*:*:*:*
