1 vulnerability found for ik-401 by plummac
VAR-202012-0851
Vulnerability from variot - Updated: 2024-11-23 22:25
An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request. The Plum IK-401 device contains a vulnerability related to insufficient protection of credentials. Information may be obtained. Plum IK-401 is a 4G modem/router used in industrial environments from Plum in Germany.
Plum IK-401 versions prior to 1.02 have a security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ik-401",
"scope": "lt",
"trust": 1.0,
"vendor": "plummac",
"version": "1.02"
},
{
"model": "ik-401",
"scope": "eq",
"trust": 0.8,
"vendor": "plum",
"version": "plum ik-401 firmware 1.02"
},
{
"model": "ik-401",
"scope": "eq",
"trust": 0.8,
"vendor": "plum",
"version": null
},
{
"model": "ik-401",
"scope": "lt",
"trust": 0.6,
"vendor": "plum",
"version": "1.02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"cve": "CVE-2020-28946",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-28946",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-01058",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-28946",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-28946",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28946",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-28946",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-01058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-648",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attacker (with network access to the device) to obtain the configuration file, including hashed credential data. Successful exploitation could allow access to hashed credential data with a single unauthenticated GET request. Plum IK-401 The device contains a vulnerability related to insufficient protection of credentials.Information may be obtained. Plum Ik-401 is a 4G modem/router used in industrial environments from Plum in Germany. \n\r\n\r\nPlum IK-401 version prior to 1.02 has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28946"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNVD",
"id": "CNVD-2021-01058"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28946",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-01058",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"id": "VAR-202012-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
}
]
},
"last_update_date": "2024-11-23T22:25:14.340000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IK-401",
"trust": 0.8,
"url": "https://plummac.com/project/ik-401/"
},
{
"title": "Patch for Plum Ik-401 security issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/243364"
},
{
"title": "Plum Ik-401 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136789"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Inadequate protection of credentials (CWE-522) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28946"
},
{
"trust": 1.6,
"url": "https://plummac.com/project/ik-401/"
},
{
"trust": 1.6,
"url": "https://www.cert.pl/news/single/coraz-wiecej-urzadzen-przemyslowych-podlaczonych-do-internetu/"
},
{
"trust": 0.8,
"url": "https://www.cert.pl/posts/2020/12/coraz-wiecej-urzadzen-przemyslowych-podlaczonych-do-internetu/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"date": "2021-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"date": "2020-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"date": "2020-12-08T20:15:15.713000",
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-01058"
},
{
"date": "2021-08-13T08:43:00",
"db": "JVNDB",
"id": "JVNDB-2020-014281"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-648"
},
{
"date": "2024-11-21T05:23:21.203000",
"db": "NVD",
"id": "CVE-2020-28946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Plum\u00a0IK-401\u00a0 Inadequate protection of credentials on devices Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014281"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-648"
}
],
"trust": 0.6
}
}