Search criteria
18 vulnerabilities found for iqrouter_firmware by evenroute
FKIE_CVE-2020-11967
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En IQrouter versiones hasta la versi\u00f3n 3.3.1, los atacantes remotos pueden controlar el dispositivo (reiniciar la red, reiniciar, actualizar, resetear) debido a un Control de Acceso Incorrecto. Nota: El vendedor afirma que esta vulnerabilidad s\u00f3lo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que este CVE no sea v\u00e1lido. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11967",
"lastModified": "2024-11-21T04:59:00.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:15.067",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11968
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En el panel web en IQrouter versiones hasta la versi\u00f3n 3.3.1, los atacantes remotos pueden leer los registros del sistema debido a un Control de Acceso Incorrecto. Nota: El vendedor afirma que esta vulnerabilidad s\u00f3lo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que este CVE no sea v\u00e1lido. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11968",
"lastModified": "2024-11-21T04:59:00.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:15.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11963
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:58
Severity ?
Summary
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** IQrouter versiones hasta la versi\u00f3n 3.3.1, cuando no est\u00e1 configurado, tiene m\u00faltiples vulnerabilidades de ejecuci\u00f3n de c\u00f3digo remota en el panel web debido a una Inyecci\u00f3n de Metacaracteres de Shell Bash. Nota: El proveedor afirma que esta vulnerabilidad s\u00f3lo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que este CVE no sea v\u00e1lido. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11963",
"lastModified": "2024-11-21T04:58:59.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:14.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11964
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://evenroute.com/ | Product | |
| cve@mitre.org | https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter- | Third Party Advisory | |
| cve@mitre.org | https://openwrt.org/docs/guide-quick-start/walkthrough_login | Third Party Advisory | |
| cve@mitre.org | https://pastebin.com/grSCSBSu | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://evenroute.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter- | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://openwrt.org/docs/guide-quick-start/walkthrough_login | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/grSCSBSu | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En IQrouter versiones hasta la versi\u00f3n 3.3.1, la funci\u00f3n Lua diag_set_password en el panel web, permite a atacantes remotos cambiar la contrase\u00f1a de root arbitrariamente. Nota: El vendedor afirma que esta vulnerabilidad solo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que esta CVE no sea v\u00e1lida. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11964",
"lastModified": "2024-11-21T04:59:00.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:14.847",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11965
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://evenroute.com/ | Product | |
| cve@mitre.org | https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter- | Third Party Advisory | |
| cve@mitre.org | https://openwrt.org/docs/guide-quick-start/walkthrough_login | Third Party Advisory | |
| cve@mitre.org | https://pastebin.com/grSCSBSu | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://evenroute.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter- | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://openwrt.org/docs/guide-quick-start/walkthrough_login | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pastebin.com/grSCSBSu | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En IQrouter versiones hasta la versi\u00f3n 3.3.1, hay un usuario root sin una contrase\u00f1a, lo que permite a atacantes conseguir acceso remoto completo por medio de SSH. Nota: El vendedor afirma que esta vulnerabilidad s\u00f3lo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que esta CVE no sea v\u00e1lida. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11965",
"lastModified": "2024-11-21T04:59:00.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:14.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11966
Vulnerability from fkie_nvd - Published: 2020-04-21 13:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| evenroute | iqrouter_firmware | * | |
| evenroute | iqrouter | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:evenroute:iqrouter_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "386BF9CD-7FB1-4E0A-86D1-4690E9BEC80E",
"versionEndIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:evenroute:iqrouter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B078518-BE47-404B-9365-4D25EEA6AB33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
},
{
"lang": "es",
"value": "** EN DISPUTA ** En IQrouter versiones hasta la versi\u00f3n 3.3.1, la funci\u00f3n Lua reset_password en el panel web, permite a atacantes remotos cambiar la contrase\u00f1a de root arbitrariamente. Nota: El vendedor afirma que esta vulnerabilidad solo puede ocurrir en una red nueva que, despu\u00e9s de iniciar la configuraci\u00f3n inicial forzada (que tiene un paso requerido para establecer una contrase\u00f1a segura en el sistema), hace que este CVE no sea v\u00e1lido. Esta vulnerabilidad es \"verdadera para cualquier versi\u00f3n no configurada de OpenWRT, y verdadera para muchas otras nuevas distribuciones de Linux antes de ser configuradas por primera vez\""
}
],
"id": "CVE-2020-11966",
"lastModified": "2024-11-21T04:59:00.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-21T13:15:14.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "cve@mitre.org",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "cve@mitre.org",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://evenroute.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/grSCSBSu"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-11967 (GCVE-0-2020-11967)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:08 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:52:01.156502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:52:48.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:38:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11967",
"datePublished": "2020-04-21T12:08:11",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11968 (GCVE-0-2020-11968)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:07 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:39:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11968",
"datePublished": "2020-04-21T12:07:43",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11966 (GCVE-0-2020-11966)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:06 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:35:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11966",
"datePublished": "2020-04-21T12:06:12",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11965 (GCVE-0-2020-11965)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:05 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:36:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11965",
"datePublished": "2020-04-21T12:05:49",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11964 (GCVE-0-2020-11964)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:05 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:29:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11964",
"datePublished": "2020-04-21T12:05:27",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11963 (GCVE-0-2020-11963)
Vulnerability from cvelistv5 – Published: 2020-04-21 12:04 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:28:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11963",
"datePublished": "2020-04-21T12:04:45",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11967 (GCVE-0-2020-11967)
Vulnerability from nvd – Published: 2020-04-21 12:08 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:52:01.156502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:52:48.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:38:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11967",
"datePublished": "2020-04-21T12:08:11",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11968 (GCVE-0-2020-11968)
Vulnerability from nvd – Published: 2020-04-21 12:07 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:39:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11968",
"datePublished": "2020-04-21T12:07:43",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11966 (GCVE-0-2020-11966)
Vulnerability from nvd – Published: 2020-04-21 12:06 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:35:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11966",
"datePublished": "2020-04-21T12:06:12",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11965 (GCVE-0-2020-11965)
Vulnerability from nvd – Published: 2020-04-21 12:05 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:36:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11965",
"datePublished": "2020-04-21T12:05:49",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11964 (GCVE-0-2020-11964)
Vulnerability from nvd – Published: 2020-04-21 12:05 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:29:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11964",
"datePublished": "2020-04-21T12:05:27",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11963 (GCVE-0-2020-11963)
Vulnerability from nvd – Published: 2020-04-21 12:04 – Updated: 2024-08-04 11:48 Disputed
VLAI?
Summary
IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time”
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:56.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-30T18:28:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/grSCSBSu"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is \u201ctrue for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for the first time\u201d."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://evenroute.com/",
"refsource": "MISC",
"url": "https://evenroute.com/"
},
{
"name": "https://pastebin.com/grSCSBSu",
"refsource": "MISC",
"url": "https://pastebin.com/grSCSBSu"
},
{
"name": "https://openwrt.org/docs/guide-quick-start/walkthrough_login",
"refsource": "MISC",
"url": "https://openwrt.org/docs/guide-quick-start/walkthrough_login"
},
{
"name": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-",
"refsource": "MISC",
"url": "https://evenroute.zendesk.com/hc/en-us/articles/216107838-How-do-I-configure-an-IQrouter-"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11963",
"datePublished": "2020-04-21T12:04:45",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:48:56.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}