CVE-2020-10206 - OpenCVE

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amino	Ak45x Ak45x Firmware Ak5xx Ak5xx Firmware Ak65x Ak65x Firmware Aria6xx Aria6xx Firmware Aria7xx Aria7xx Firmware Kami7b Kami7b Firmware

Configuration 1 [-]

AND

cpe:2.3:h:amino:ak45x:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:amino:ak5xx:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:amino:ak65x:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:amino:aria6xx:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:amino:aria7xx:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:amino:kami7b:-:*:*:*:*:*:*:*

cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-29T23:47:17

Updated: 2024-08-04T10:58:39.907Z

Reserved: 2020-03-06T00:00:00

Link: CVE-2020-10206

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-30T00:15:12.550

Modified: 2021-01-14T16:07:57.373

Link: CVE-2020-10206

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-12-18T00:00:00", "descriptions": [{"lang": "en", "value": "Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-29T23:47:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10206", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4", "refsource": "MISC", "url": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:58:39.907Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10206", "datePublished": "2020-12-29T23:47:17", "dateReserved": "2020-03-06T00:00:00", "dateUpdated": "2024-08-04T10:58:39.907Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak45x:-:*:*:*:*:*:*:*", "matchCriteriaId": "76A99F2F-7D78-490E-80E1-C6365086927A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A76D2886-66B2-4799-96C8-E00D961A91F7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak5xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B705E2F1-531C-4C54-80AB-D60F6B0502C0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "50613865-0630-4A8B-9926-28A28DBA81F6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak65x:-:*:*:*:*:*:*:*", "matchCriteriaId": "85E252BA-19CD-46CD-B28D-7244C15BD2E1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "487267C4-706E-48CF-AFF1-19F41F8DB917", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:aria6xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A1289FA-97E8-4425-90A2-6106C1A3D2D1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E5B6C05-BF1B-418C-9E63-EA3BD2F5BF07", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:aria7xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "A04DE3CC-DAC8-47A6-97FF-9218A0A3A7B0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "28C2F709-6152-4EDA-8E4C-4B36298C2E11", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:amino:kami7b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE3E103-579F-42B2-952A-3E8BEEB72684", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "99CC4665-08AE-4DAE-B6E0-917188767345", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device."}, {"lang": "es", "value": "El uso de una Contrase\u00f1a embebida en VNCserver en Amino Communications serie AK45x, serie AK5xx, serie AK65x, serie Aria6xx, serie Aria7/AK7Xx y Kami7B, permite a atacantes locales visualizar e interactuar con la salida de video del dispositivo"}], "evaluatorComment": "The products as shown in the CPE configuration are placeholders for each product series.", "id": "CVE-2020-10206", "lastModified": "2021-01-14T16:07:57.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-30T00:15:12.550", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}