FKIE_CVE-2019-20004

Vulnerability from fkie_nvd - Published: 2020-01-05 23:15 - Updated: 2024-11-21 04:37
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
References
cve@mitre.orghttp://en.intelbras.com.br/downloadsVendor Advisory
cve@mitre.orghttps://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715
af854a3a-2127-422b-91ae-364da2661108http://en.intelbras.com.br/downloadsVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715
Impacted products
Vendor Product Version
intelbras iwr_3000n_firmware 1.8.7
intelbras iwr_3000n -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intelbras:iwr_3000n_firmware:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "606FB916-E0DB-464E-8A95-6554BBDDD578",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intelbras:iwr_3000n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF248849-8504-49EF-A539-58B3C1A3E39C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3  un problema en los dispositivos Intelbras IWR 3000N versi\u00f3n 1.8.7. Cuando la contrase\u00f1a de administrador es cambiada desde una determinada direcci\u00f3n IP de cliente, la autorizaci\u00f3n administrativa se conserva disponible para cualquier cliente en esa direcci\u00f3n IP, conllevando a un control completo del router."
    }
  ],
  "id": "CVE-2019-20004",
  "lastModified": "2024-11-21T04:37:51.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-05T23:15:10.967",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://en.intelbras.com.br/downloads"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://en.intelbras.com.br/downloads"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.