admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-128xx/CVE-2020-12834.json
cad-safe-bot 3836b1b1c3 Auto-Update: 2024-05-19T02:00:29.558564+00:00
2024-05-19 02:03:31 +00:00

146 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-12834",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-05-15T17:15:12.500",
"lastModified": "2020-05-21T18:43:31.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset)."
},
{
"lang": "es",
"value": "eQ-3 Homematic Central Control Unit (CCU)2 versiones hasta 2.51.6 y la CCU3 versiones hasta 3.51.6, permiten una ejecuci\u00f3n de c\u00f3digo remota en el JSON API Method ReGa.runScript, por parte de atacantes no autenticados con acceso a la interfaz web, debido a que la funcionalidad auto-login predeterminada est\u00e1 activada durante la configuraci\u00f3n por primera vez (o el restablecimiento de f\u00e1brica)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:eq-3:homematic_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2CF19C-7EDE-4E3C-A736-E6736FF03FDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:eq-3:homematic_ccu2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.51.6",
"matchCriteriaId": "01848E5D-7A8C-4DAD-967D-E29FB129C2EF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:eq-3:homematic_ccu3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33113AD0-F378-49B2-BCFC-C57B52FD3A04"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:eq-3:ccu3_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.51.6",
"matchCriteriaId": "62962D0F-9A5C-4A4A-81CE-1D0A0B54434F"
}
]
}
]
}
],
"references": [
{
"url": "https://psytester.github.io/CVE-2020-12834/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink