CVE-2020-12106

Опубликовано: 12 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.

Ссылки

https://www.stengg.com/cybersecurity
Third Party Advisory
https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf
Third Party Advisory
https://www.stengg.com/cybersecurity
Third Party Advisory
https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:stengg:vpncrypt_m10_firmware:2.6.5:*:*:*:*:*:*:*

cpe:2.3:h:stengg:vpncrypt_m10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.0098

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-q6v8-jc2v-7p36

github

больше 3 лет назад