exploitDog

CVE-2020-10986

Опубликовано: 13 июл. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 7.1

EPSS Низкий

Описание

A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.

Ссылки

https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68
Exploit
Third Party Advisory
https://www.ise.io/research/
Third Party Advisory
https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68
Exploit
Third Party Advisory
https://www.ise.io/research/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*

cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00167

Низкий

6.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9p5q-6qw3-f786

github

больше 3 лет назад

A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.

EPSS

Процентиль: 38%

0.00167

Низкий

6.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-352