CVE-2020-21991

AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
References
Link Resource
https://www.exploit-db.com/exploits/47822 Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*
cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*

History

19 May 2021, 19:20

Type Values Removed Values Added
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/47822 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/47822 - Exploit, Third Party Advisory, VDB Entry
References (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php - (MISC) https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-287
CPE cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*
cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*
cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*
cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*
cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*
cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*
cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*

Information

Published : 2021-04-28 14:15

Updated : 2024-02-04 21:47


NVD link : CVE-2020-21991

Mitre link : CVE-2020-21991

CVE.ORG link : CVE-2020-21991


JSON object : View

Products Affected

ave

  • ts01_firmware
  • ts03x-v_firmware
  • dominaplus
  • ts05n-v
  • ts05n-v_firmware
  • ts05_firmware
  • ts01
  • ts04x-v_firmware
  • ts04x-v
  • ts05
  • 53ab-wbs_firmware
  • 53ab-wbs
  • ts03x-v
CWE
CWE-287

Improper Authentication