Vulnerability-Lookup

CNVD-2020-03016

Vulnerability from cnvd - Published: 2020-01-21

Title

OKER G232V1访问控制错误漏洞

Description

OKER G232V1是一款网络摄像机。 OKER G232V1 v1.03.02.20161129版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。攻击者可利用该漏洞以root特权执行任意命令并进行进一步的攻击。

Severity

高

Formal description

目前厂商尚未提供相关漏洞补丁链接，请关注厂商主页随时更新： http://www.okerthai.com

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-20348

Impacted products

Name
OKER G232V1 1.03.02.20161129

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-20348"
    }
  },
  "description": "OKER G232V1\u662f\u4e00\u6b3e\u7f51\u7edc\u6444\u50cf\u673a\u3002\n\nOKER G232V1 v1.03.02.20161129\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u9650\u5236\u6765\u81ea\u672a\u6388\u6743\u89d2\u8272\u7684\u8d44\u6e90\u8bbf\u95ee\u3002 \u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u7279\u6743\u6267\u884c\u4efb\u610f\u547d\u4ee4\u5e76\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u968f\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.okerthai.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03016",
  "openTime": "2020-01-21",
  "products": {
    "product": "OKER G232V1 1.03.02.20161129"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-20348",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-07",
  "title": "OKER G232V1\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-20348 (GCVE-0-2019-20348)

Vulnerability from cvelistv5 – Published: 2020-01-06 20:31 – Updated: 2024-08-05 02:39

Summary

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://gist.github.com/tanprathan/24cab2eb02937f…

x_refsource_MISC

Date Public ?

2020-01-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-01-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-06T20:31:13.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385",
              "refsource": "MISC",
              "url": "https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20348",
    "datePublished": "2020-01-06T20:31:13.000Z",
    "dateReserved": "2020-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:39:09.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-03016

CVE-2019-20348 (GCVE-0-2019-20348)

Tags

Sightings

Nomenclature