CVE-2020-10206 - Vulnerability Details

Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Key SSVC decision points have not yet been added.

Vendors	Products
Amino	Ak45x Ak45x Firmware Ak5xx Ak5xx Firmware Ak65x Ak65x Firmware Aria6xx Aria6xx Firmware Aria7xx Aria7xx Firmware Kami7b Kami7b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak45x:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak5xx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak65x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:aria6xx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:aria7xx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:kami7b:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-2664	Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#dda4

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-29T23:47:17

Updated: 2024-08-04T10:58:39.907Z

Reserved: 2020-03-06T00:00:00

Link: CVE-2020-10206

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-30T00:15:12.550

Modified: 2024-11-21T04:54:57.707

Link: CVE-2020-10206

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object