{"vulnerability": "CVE-2020-2519", "sightings": [{"uuid": "67c6cc45-1afc-4117-b2a0-016b98804983", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25195", "type": "seen", "source": "https://t.me/cibsecurity/20878", "content": "\u203c CVE-2020-25195 \u203c\n\nThe length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-15T22:40:56.000000Z"}, {"uuid": "7517dfa4-a904-4f5e-ad7b-86d517e8b607", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25193", "type": "seen", "source": "https://t.me/cibsecurity/39251", "content": "\u203c CVE-2020-25193 \u203c\n\nBy having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T21:29:00.000000Z"}, {"uuid": "aa95e031-eadf-4969-9743-2b0d3a4121ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25196", "type": "seen", "source": "https://t.me/cibsecurity/21235", "content": "\u203c CVE-2020-25196 \u203c\n\nThe built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T19:25:34.000000Z"}, {"uuid": "65fa46ba-a306-4193-ab7e-9a1b97854295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25194", "type": "seen", "source": "https://t.me/cibsecurity/21233", "content": "\u203c CVE-2020-25194 \u203c\n\nThe built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T19:25:32.000000Z"}, {"uuid": "47a1d30e-43cf-4664-be17-5ce1a232474f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25198", "type": "seen", "source": "https://t.me/cibsecurity/21230", "content": "\u203c CVE-2020-25198 \u203c\n\nThe built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user\u00e2\u20ac\u2122s cookies.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T19:25:29.000000Z"}, {"uuid": "44d79bca-1735-4ffc-b320-f00d5b3f0168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25190", "type": "seen", "source": "https://t.me/cibsecurity/21225", "content": "\u203c CVE-2020-25190 \u203c\n\nThe built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T19:25:22.000000Z"}, {"uuid": "f1c14269-cb87-486e-a928-31eca476ad2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-25192", "type": "seen", "source": "https://t.me/cibsecurity/21222", "content": "\u203c CVE-2020-25192 \u203c\n\nThe built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-23T19:25:18.000000Z"}]}