CVE-2020-24987 - OpenCVE

Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius".

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tendacn	Ac18 Ac18 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*

cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*

cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cwe.mitre.org/data/definitions/287.html
https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing
https://www.tendacn.com/en/product/AC18.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-04T19:24:39

Updated: 2024-08-04T15:26:09.361Z

Reserved: 2020-08-28T00:00:00

Link: CVE-2020-24987

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-04T20:15:13.480

Modified: 2022-11-07T13:39:32.760

Link: CVE-2020-24987

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to \"radius\"."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-10T20:20:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tendacn.com/en/product/AC18.html"}, {"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing"}, {"tags": ["x_refsource_MISC"], "url": "https://cwe.mitre.org/data/definitions/287.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24987", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to \"radius\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.tendacn.com/en/product/AC18.html", "refsource": "MISC", "url": "https://www.tendacn.com/en/product/AC18.html"}, {"name": "https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing", "refsource": "MISC", "url": "https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing"}, {"name": "https://cwe.mitre.org/data/definitions/287.html", "refsource": "MISC", "url": "https://cwe.mitre.org/data/definitions/287.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:09.361Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tendacn.com/en/product/AC18.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cwe.mitre.org/data/definitions/287.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24987", "datePublished": "2020-09-04T19:24:39", "dateReserved": "2020-08-28T00:00:00", "dateUpdated": "2024-08-04T15:26:09.361Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5798E4A8-6F1D-45DB-A253-88033163218C", "versionEndIncluding": "v15.03.05.05_en", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "677F497C-FD6E-4A6C-A7A9-281E5453A78B", "versionEndIncluding": "v15.03.05.19\\(6318\\)_cn", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to \"radius\"."}, {"lang": "es", "value": "El enrutador Tenda AC18 versiones hasta V15.03.05.05_EN y versiones hasta V15.03.05.19(6318), los dispositivos CN podr\u00edan causar una ejecuci\u00f3n remota de c\u00f3digo debido a un manejo de autenticaci\u00f3n incorrecto de la funci\u00f3n vulnerable logincheck() en el archivo /usr/lib/lua/ngx_authserver/ngx_wdas.lua si la interfaz de usuario del administrador est\u00e1 configurada en \"radius\""}], "id": "CVE-2020-24987", "lastModified": "2022-11-07T13:39:32.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-04T20:15:13.480", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cwe.mitre.org/data/definitions/287.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://drive.google.com/file/d/1iqpr0EofOBC6kCq2USTOBPRlJu_naFjQ/view?usp=sharing"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.tendacn.com/en/product/AC18.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}