VAR-202010-0833
Vulnerability from variot - Updated: 2024-11-23 22:25
A DNS rebinding vulnerability exists in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server contains an authentication bypass by spoofing vulnerability, through which information may be obtained. The Freebox Server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base supporting up to 8 connected DECT phones, and digital video recorder for TNT (also known as DVB-T) and IPTV.
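Versions of Freebox Server prior to 4.2.3 are vulnerable. The issue stems from a DNS rebinding weakness in the UPnP MediaServer implementation, which allows attackers to gain access to the local area network by manipulating the way DNS (Domain Name System) resolution works. The record below also lists Freebox v5 before 1.5.29 as affected. Its CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) indicates that user interaction is required and that the impact is limited to confidentiality.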
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0833",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freebox server",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox v5",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "1.5.29"
},
{
"model": "freebox server",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox v5",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "server",
"scope": "lt",
"trust": 0.6,
"vendor": "freebox",
"version": "4.2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"cve": "CVE-2020-24375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-24375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-64596",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-24375",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24375",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24375",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-24375",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-64596",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-883",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-24375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DNS rebinding vulnerability exists in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server contains an authentication bypass by spoofing vulnerability, through which information may be obtained. The Freebox Server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base supporting up to 8 connected DECT phones, and digital video recorder for TNT (also known as DVB-T) and IPTV. \n\r\n\r\nVersions of Freebox Server prior to 4.2.3 are vulnerable. The issue stems from a DNS rebinding weakness in the UPnP MediaServer implementation, which allows attackers to gain access to the local area network by manipulating the way DNS (Domain Name System) resolution works.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24375",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-64596",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24375",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"id": "VAR-202010-0833",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
}
]
},
"last_update_date": "2024-11-23T22:25:20.909000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "freebox",
"trust": 0.8,
"url": "https://dev.freebox.fr/blog/?p=10222"
},
{
"title": "Patch for Freebox server DNS rebinding vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/240430"
},
{
"title": "Freebox server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131412"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Authentication Bypass by Spoofing (CWE-290) [NVD Evaluation]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24375"
},
{
"trust": 1.7,
"url": "https://dev.freebox.fr/blog/?p=10222"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"date": "2021-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"date": "2020-10-19T19:15:14.753000",
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"date": "2020-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"date": "2021-05-20T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-883"
},
{
"date": "2024-11-21T05:14:41.883000",
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spoofing Authentication Vulnerability in Freebox Server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
],
"trust": 0.6
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.