CVE-2020-24355 - OpenCVE

Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Vmg5313-b30b Vmg5313-b30b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:vmg5313-b30b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:vmg5313-b30b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B
https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2
https://www.zyxel.com/support/security_advisories.shtml

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-02T11:15:09

Updated: 2024-08-04T15:12:08.714Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24355

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-02T12:15:10.550

Modified: 2020-09-11T16:17:01.523

Link: CVE-2020-24355

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing \"FirstIndex\" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-02T11:15:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zyxel.com/support/security_advisories.shtml"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing \"FirstIndex\" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/security_advisories.shtml", "refsource": "MISC", "url": "https://www.zyxel.com/support/security_advisories.shtml"}, {"name": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B", "refsource": "MISC", "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B"}, {"name": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2", "refsource": "MISC", "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.714Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zyxel.com/support/security_advisories.shtml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24355", "datePublished": "2020-09-02T11:15:09", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:08.714Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg5313-b30b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA4E65FE-9E1F-4BCB-8324-8410F1B61028", "versionEndIncluding": "5.13\\(abcj.6\\)b3_1127", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg5313-b30b:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA4CE3-B596-42B3-9525-2C48641F3F4A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing \"FirstIndex\" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion."}, {"lang": "es", "value": "El enrutador Zyxel VMG5313-B30B en la versi\u00f3n de firmware 5.13 (ABCJ.6) b3_1127, y posiblemente las versiones de firmware anteriores, est\u00e1n afectadas por permisos no seguros que permiten a usuarios regulares y de otro tipo crear nuevos usuarios con privilegios elevados. Esto se hace al cambiar el campo \"FirstIndex\" en JSON que es Publicado durante la creaci\u00f3n de la cuenta. Tambi\u00e9n es posible hacer algo similar con la eliminaci\u00f3n de la cuenta"}], "id": "CVE-2020-24355", "lastModified": "2020-09-11T16:17:01.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-02T12:15:10.550", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.somegeneric.ninja/Zyxel_VMG5153_B30B_part2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/support/security_advisories.shtml"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}