VAR-202103-0234
Vulnerability from variot - Updated: 2024-11-23 22:54Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 device Contains a code injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Askey is the world's largest professional manufacturer of international network communication equipment, and its main products include ADSL and Cable
Modem, ADSL Router, Cable Router, etc.
Askey fiber router unauthorized RCE vulnerability, unauthorized remote attackers can use this vulnerability to execute arbitrary commands on the target device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 1.0,
"vendor": "askey",
"version": null
},
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 0.8,
"vendor": "askey computer",
"version": "rtf3505vw-n1 br_sv_g000_r3505vwn1001_s32_7 firmware"
},
{
"model": "rtf3505vw-n1 br sv g000 r3505vwn1001 s32 7",
"scope": "eq",
"trust": 0.8,
"vendor": "askey computer",
"version": null
},
{
"model": "fiber router rtf3505vw-n1",
"scope": null,
"trust": 0.6,
"vendor": "askey",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"cve": "CVE-2020-28695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-28695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-29857",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-28695",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-28695",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-28695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-28695",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-29857",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1568",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-28695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 device Contains a code injection vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Askey is the world\u0027s largest professional manufacturer of international network communication equipment, and its main products include ADSL and Cable\r\n\r\nModem, ADSL Router, Cable Router, etc. \n\r\n\r\nAskey fiber router unauthorized RCE vulnerability, unauthorized remote attackers can use this vulnerability to execute arbitrary commands on the target device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28695",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-29857",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-28695",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"id": "VAR-202103-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
}
]
},
"last_update_date": "2024-11-23T22:54:53.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.askey.com.tw/"
},
{
"title": "Patch for Askey fiber router unauthorized RCE vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/260026"
},
{
"title": "Fiber and SSH Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145798"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Code injection (CWE-94) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://cr1pt0.medium.com/cve-2020-28695-8f8d618ac0b"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28695"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"date": "2021-12-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"date": "2021-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"date": "2021-03-26T18:15:12.030000",
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-29857"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28695"
},
{
"date": "2021-12-03T09:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-016438"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1568"
},
{
"date": "2024-11-21T05:23:08.043000",
"db": "NVD",
"id": "CVE-2020-28695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Askey\u00a0Fiber\u00a0Router\u00a0RTF3505VW-N1\u00a0BR_SV_g000_R3505VWN1001_s32_7\u00a0 device \u00a0 Code injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1568"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…