Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by TONNET
CVE-2026-9003 (GCVE-0-2026-9003)
Vulnerability from nvd – Published: 2026-05-20 02:39 – Updated: 2026-05-20 12:33- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-10912-21886-2.html | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T12:32:53.796016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T12:33:01.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TPR7308",
"vendor": "TONNET",
"versions": [
{
"lessThan": "mdiskTRS08_tonnet_20260203-1636",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-05-20T01:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents."
}
],
"value": "E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T02:39:59.207Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10912-21886-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please update firmware to version mdiskTRS08_tonnet_20260203-1636 or later"
}
],
"value": "Please update firmware to version mdiskTRS08_tonnet_20260203-1636 or later"
}
],
"source": {
"advisory": "TVN-202605001",
"discovery": "EXTERNAL"
},
"title": "TONNET\uff5cE-LAN Hybrid Recording System - SQL Injection",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-9003",
"datePublished": "2026-05-20T02:39:59.207Z",
"dateReserved": "2026-05-19T13:43:36.031Z",
"dateUpdated": "2026-05-20T12:33:01.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-3924 (GCVE-0-2020-3924)
Vulnerability from nvd – Published: 2020-02-27 04:00 – Updated: 2024-09-16 17:14- Firmware Injection
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d… | x_refsource_MISC |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201910004 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"TAT-76 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20191216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"TAT-77 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20200213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Firmware Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:00:32.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TONNET DVR \u2013 Firmware Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-21T08:00:00.000Z",
"ID": "CVE-2020-3924",
"STATE": "PUBLIC",
"TITLE": "TONNET DVR \u2013 Firmware Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"platform": "TAT-76 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20191216"
},
{
"platform": "TAT-77 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20200213"
}
]
}
}
]
},
"vendor_name": "TONNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Firmware Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3924",
"datePublished": "2020-02-27T04:00:32.289Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:12.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3923 (GCVE-0-2020-3923)
Vulnerability from nvd – Published: 2020-02-27 04:00 – Updated: 2024-09-16 20:26- Broken Access Control
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201910003 | x_refsource_MISC |
| https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"TAT-76 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20191216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"TAT-77 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20200213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:00:31.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TONNET DVR \u2013 Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-21T08:00:00.000Z",
"ID": "CVE-2020-3923",
"STATE": "PUBLIC",
"TITLE": "TONNET DVR \u2013 Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"platform": "TAT-76 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20191216"
},
{
"platform": "TAT-77 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20200213"
}
]
}
}
]
},
"vendor_name": "TONNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"name": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3923",
"datePublished": "2020-02-27T04:00:31.892Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:48.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-9003 (GCVE-0-2026-9003)
Vulnerability from cvelistv5 – Published: 2026-05-20 02:39 – Updated: 2026-05-20 12:33- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-10912-21886-2.html | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T12:32:53.796016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T12:33:01.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TPR7308",
"vendor": "TONNET",
"versions": [
{
"lessThan": "mdiskTRS08_tonnet_20260203-1636",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-05-20T01:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents."
}
],
"value": "E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T02:39:59.207Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10911-e6abb-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10912-21886-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please update firmware to version mdiskTRS08_tonnet_20260203-1636 or later"
}
],
"value": "Please update firmware to version mdiskTRS08_tonnet_20260203-1636 or later"
}
],
"source": {
"advisory": "TVN-202605001",
"discovery": "EXTERNAL"
},
"title": "TONNET\uff5cE-LAN Hybrid Recording System - SQL Injection",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2026-9003",
"datePublished": "2026-05-20T02:39:59.207Z",
"dateReserved": "2026-05-19T13:43:36.031Z",
"dateUpdated": "2026-05-20T12:33:01.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-3924 (GCVE-0-2020-3924)
Vulnerability from cvelistv5 – Published: 2020-02-27 04:00 – Updated: 2024-09-16 17:14- Firmware Injection
| URL | Tags |
|---|---|
| https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d… | x_refsource_MISC |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201910004 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"TAT-76 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20191216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"TAT-77 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20200213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Firmware Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:00:32.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TONNET DVR \u2013 Firmware Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-21T08:00:00.000Z",
"ID": "CVE-2020-3924",
"STATE": "PUBLIC",
"TITLE": "TONNET DVR \u2013 Firmware Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"platform": "TAT-76 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20191216"
},
{
"platform": "TAT-77 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20200213"
}
]
}
}
]
},
"vendor_name": "TONNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Firmware Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910004"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3924",
"datePublished": "2020-02-27T04:00:32.289Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:12.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3923 (GCVE-0-2020-3923)
Vulnerability from cvelistv5 – Published: 2020-02-27 04:00 – Updated: 2024-09-16 20:26- Broken Access Control
| URL | Tags |
|---|---|
| https://tvn.twcert.org.tw/taiwanvn/TVN-201910003 | x_refsource_MISC |
| https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"TAT-76 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20191216",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"TAT-77 series"
],
"product": "DVR",
"vendor": "TONNET",
"versions": [
{
"lessThanOrEqual": "20200213",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-27T04:00:31.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TONNET DVR \u2013 Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-21T08:00:00.000Z",
"ID": "CVE-2020-3923",
"STATE": "PUBLIC",
"TITLE": "TONNET DVR \u2013 Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"platform": "TAT-76 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20191216"
},
{
"platform": "TAT-77 series",
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "20200213"
}
]
}
}
]
},
"vendor_name": "TONNET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910003"
},
{
"name": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to ver. 20191216 in TAT-76 series\nUpdate to ver. 20200213 in TAT-77 series"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3923",
"datePublished": "2020-02-27T04:00:31.892Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:48.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202002-0940
Vulnerability from variot - Updated: 2023-12-18 14:00DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. TAT-76 and TAT-77 There is an injection vulnerability in the series.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device.
Tonnet TAT-76 update function failed to correctly verify the update file. Remote attackers can use this vulnerability to submit special requests and inject commands to obtain device permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0940",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tat-71416g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-71416g1_20181225"
},
{
"model": "tat-70432n",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-77208g1_20181225"
},
{
"model": "tat-76132g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-70832g3_20181221-1"
},
{
"model": "tat-76108g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181221_76208g3"
},
{
"model": "tat-76104g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181220_76104g3"
},
{
"model": "tat-76116g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181221_76216g3"
},
{
"model": "tat-77104g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-77104g1_20190107"
},
{
"model": "tat-71832g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-71832g1_20190510"
},
{
"model": "tat-70432n",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-71416g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-71832g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76104g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76108g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76116g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76132g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-77104g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76",
"scope": null,
"trust": 0.6,
"vendor": "tonnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-77104g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-77104g1_20190107",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-77104g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-70432n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-77208g1_20181225",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-70432n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-71416g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-71416g1_20181225",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-71416g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-71832g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-71832g1_20190510",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-71832g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76104g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181220_76104g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76104g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76108g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181221_76208g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76108g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76116g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181221_76216g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76116g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76132g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-70832g3_20181221-1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76132g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weber Tsai (CHT Security) , Keniver Wang (CHT Security) , Redhung Chen (CHT Security Intern)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002413",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2020-14865",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "twcert@cert.org.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002413",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3924",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2020-3924",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-002413",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-14865",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1288",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. TAT-76 and TAT-77 There is an injection vulnerability in the series.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device. \n\r\n\r\nTonnet TAT-76 update function failed to correctly verify the update file. Remote attackers can use this vulnerability to submit special requests and inject commands to obtain device permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "CNVD",
"id": "CNVD-2020-14865"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3924",
"trust": 3.0
},
{
"db": "TWCERT",
"id": "TVN-201910004",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-14865",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"id": "VAR-202002-0940",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
}
]
},
"last_update_date": "2023-12-18T14:00:38.708000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tonnet.com.tw/"
},
{
"title": "Patch for Tonnet TAT-76 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/206261"
},
{
"title": "Tonnet TAT-76 and TAT-77 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111090"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-74",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"trust": 2.2,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201910004"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3924"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3924"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"date": "2020-02-27T04:15:10.670000",
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"date": "2020-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14865"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002413"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-3924"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAT-76 and TAT-77 Injection vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1288"
}
],
"trust": 0.6
}
}
VAR-202002-0939
Vulnerability from variot - Updated: 2023-12-18 12:17DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. TAT-76 and TAT-77 The series contains vulnerabilities related to fraudulent authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0939",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tat-71416g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-71416g1_20181225"
},
{
"model": "tat-70432n",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-77208g1_20181225"
},
{
"model": "tat-76132g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-70832g3_20181221-1"
},
{
"model": "tat-76108g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181221_76208g3"
},
{
"model": "tat-76104g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181220_76104g3"
},
{
"model": "tat-76116g3",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "20181221_76216g3"
},
{
"model": "tat-77104g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-77104g1_20190107"
},
{
"model": "tat-71832g1",
"scope": "lte",
"trust": 1.0,
"vendor": "tonnet",
"version": "tat-71832g1_20190510"
},
{
"model": "tat-70432n",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-71416g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-71832g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76104g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76108g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76116g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76132g3",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-77104g1",
"scope": null,
"trust": 0.8,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-76",
"scope": null,
"trust": 0.6,
"vendor": "tonnet",
"version": null
},
{
"model": "tat-77",
"scope": null,
"trust": 0.6,
"vendor": "tonnet",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-77104g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-77104g1_20190107",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-77104g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-70432n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-77208g1_20181225",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-70432n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-71416g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-71416g1_20181225",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-71416g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-71832g1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-71832g1_20190510",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-71832g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76104g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181220_76104g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76104g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76108g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181221_76208g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76108g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76116g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "20181221_76216g3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76116g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tonnet:tat-76132g3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "tat-70832g3_20181221-1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tonnet:tat-76132g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Weber Tsai (CHT Security) , Keniver Wang (CHT Security) , Redhung Chen (CHT Security Intern)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-002412",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-14864",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "twcert@cert.org.tw",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-002412",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3923",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2020-3923",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-002412",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-14864",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1289",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. TAT-76 and TAT-77 The series contains vulnerabilities related to fraudulent authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Tonnet TAT-76 is a network camera device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "CNVD",
"id": "CNVD-2020-14864"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3923",
"trust": 3.0
},
{
"db": "TWCERT",
"id": "TVN-201910003",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-14864",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"id": "VAR-202002-0939",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
}
]
},
"last_update_date": "2023-12-18T12:17:19.548000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.tonnet.com.tw/"
},
{
"title": "Patch for Tonnet TAT-76 Default Password Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/206263"
},
{
"title": "Tonnet TAT-76 and TAT-77 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111091"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf"
},
{
"trust": 2.2,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201910003"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3923"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3923"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"date": "2020-02-27T04:15:10.577000",
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"date": "2020-02-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14864"
},
{
"date": "2020-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-002412"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-3923"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAT-76 and TAT-77 Unauthorized authentication vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-002412"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1289"
}
],
"trust": 0.6
}
}