var-202103-0234
Vulnerability from variot
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 device Contains a code injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Askey is the world's largest professional manufacturer of international network communication equipment, and its main products include ADSL and Cable
Modem, ADSL Router, Cable Router, etc.
Askey fiber router unauthorized RCE vulnerability, unauthorized remote attackers can use this vulnerability to execute arbitrary commands on the target device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 1.0,
"vendor": "askey",
"version": null
},
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 0.8,
"vendor": "askey computer",
"version": "rtf3505vw-n1 br_sv_g000_r3505vwn1001_s32_7 firmware"
},
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 0.8,
"vendor": "askey computer",
"version": null
},
{
"model": "fiber router rtf3505vw-n1",
"scope": null,
"trust": 0.6,
"vendor": "askey",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"cve": "CVE-2020-28695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-28695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-29857",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-28695",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-28695",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-28695",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-29857",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-28695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 device Contains a code injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Askey is the world\u0027s largest professional manufacturer of international network communication equipment, and its main products include ADSL and Cable\r\n\r\nModem, ADSL Router, Cable Router, etc. \n\r\n\r\nAskey fiber router unauthorized RCE vulnerability, unauthorized remote attackers can use this vulnerability to execute arbitrary commands on the target device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28695",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-29857",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-28695",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"id": "VAR-202103-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
}
]
},
"last_update_date": "2024-11-23T22:54:53.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.askey.com.tw/"
},
{
"title": "Patch for Askey fiber router unauthorized RCE vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/260026"
},
{
"title": "Fiber and SSH Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145798"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Code injection (CWE-94) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://cr1pt0.medium.com/cve-2020-28695-8f8d618ac0b"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28695"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"date": "2021-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"date": "2021-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"date": "2021-03-26T18:15:12.030000",
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"date": "2021-12-03T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"date": "2024-11-21T05:23:08.043000",
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Askey\u00a0Fiber\u00a0Router\u00a0RTF3505VW-N1\u00a0BR_SV_g000_R3505VWN1001_s32_7\u00a0 device \u00a0 Code injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.