CVE-2020-16204 - OpenCVE

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redlion	N-tron 702-w N-tron 702-w Firmware N-tron 702m12-w N-tron 702m12-w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
http://seclists.org/fulldisclosure/2020/Sep/6
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-09-01T20:46:26

Updated: 2024-08-04T13:37:53.987Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16204

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-01T21:15:12.037

Modified: 2022-10-14T20:56:26.420

Link: CVE-2020-16204

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "N-Tron 702-W / 702M12-W", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to all versions"}]}], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T20:06:14", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "N-Tron 702-W / 702M12-W", "version": {"version_data": [{"version_value": "Versions prior to all versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HIDDEN FUNCTIONALITY (BACKDOOR) CWE-912"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:53.987Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16204", "datePublished": "2020-09-01T20:46:26", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:53.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7E2A2E-13BA-46CF-A98D-CC855C381834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "30885167-CD8F-4026-ADCB-2E07E772ECD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6633FE15-2CF0-4F83-91AB-6B090684C284", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "94F253CC-A9DC-463A-93F0-71DD4FC190FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions)."}, {"lang": "es", "value": "El producto afectado es vulnerable debido a una interfaz no documentada que se encuentra en el dispositivo, lo que puede permitir a un atacante ejecutar comandos como root en el dispositivo en los dispositivos N-Tron 702-W / 702M12-W (todas las versiones)"}], "id": "CVE-2020-16204", "lastModified": "2022-10-14T20:56:26.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-01T21:15:12.037", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}