VAR-202010-0830
Vulnerability from variot - Updated: 2024-11-23 22:40
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form has no authentication or token authentication mechanism, which allows remote attackers to forge requests on behalf of a site administrator and change all settings, including deleting users and creating new users with escalated privileges. fs.com S3900 24T4S contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and the service may be put into a disrupted (DoS) state. fs.com S3900-24T4S is a gigabit stackable switch from China's fast innovation (fs) company. The FS S3900-24T4S switch is equipped with 24 10/100/1000Base-T ports and 4 10G SFP+ uplink ports, and supports stacking of up to 6 switches; it offers simple operation, highly secure business processing capabilities, flexible network deployment, a borderless network experience and a complete QoS control strategy.
The fs.com S3900 24T4S version 1.7.0 and previous versions have security vulnerabilities. Authentication mechanism
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0830",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s3900 24t4s",
"scope": "lte",
"trust": 1.0,
"vendor": "fs",
"version": "1.7.0"
},
{
"model": "s3900-24t4s",
"scope": "eq",
"trust": 0.8,
"vendor": "fs com",
"version": null
},
{
"model": "s3900-24t4s",
"scope": "lte",
"trust": 0.8,
"vendor": "fs com",
"version": "s3900-24t4s firmware 1.7.0 and earlier"
},
{
"model": "fs.com s3900-24t4s",
"scope": "lte",
"trust": 0.6,
"vendor": "fs",
"version": "\u003c=1.7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"cve": "CVE-2020-24033",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-24033",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-62801",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-24033",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24033",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24033",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-24033",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-62801",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1194",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-24033",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. fs.com S3900 24T4S Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. fs.com S3900-24T4S is a gigabit stackable switch from China\u0027s fast innovation (fs) company. The FS S3900-24T4S switch is equipped with 24 10/100/1000Base-T ports, 4 10G SFP+ uplink ports, supports stacking of up to 6 switches, simple operation, highly secure business processing capabilities, flexible network deployment, and no Border network experience and complete QoS control strategy. \n\r\n\r\nThe fs.com S3900 24T4S version 1.7.0 and previous versions have security vulnerabilities. Authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24033",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-62801",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24033",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"id": "VAR-202010-0830",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
}
]
},
"last_update_date": "2024-11-23T22:40:55.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FS\u00a0S3900 Series switch",
"trust": 0.8,
"url": "https://community.fs.com/jp/support/fs-s3900-series-gigabit-stackable-switches-overview.html"
},
{
"title": "Patch for fs.com S3900-24T4S cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/239644"
},
{
"title": "fs.com S3900-24T4S Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131431"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/Jonathan-Elias/PoC "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/m0nsterrr/cve-2020-24033"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24033"
},
{
"trust": 1.7,
"url": "https://github.com/m0nsterrr/s3900-24t4s-csrf-vulnerability"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"date": "2021-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"date": "2020-10-22T14:15:13.457000",
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"date": "2020-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24033"
},
{
"date": "2021-06-03T08:40:00",
"db": "JVNDB",
"id": "JVNDB-2020-012808"
},
{
"date": "2020-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1194"
},
{
"date": "2024-11-21T05:14:20.587000",
"db": "NVD",
"id": "CVE-2020-24033"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fs.com S3900-24T4S cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-62801"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1194"
}
],
"trust": 0.6
}
}