CVE-2020-7842

{"id": "CVE-2020-7842", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2020-11-20T16:15:15.837", "references": [{"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35797", "tags": ["Third Party Advisory"], "source": "vuln@krcert.or.kr"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "vuln@krcert.or.kr", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de comprobaci\u00f3n inapropiada de entrada en Netis Korea D'live AP, que podr\u00eda causar una inyecci\u00f3n y ejecuci\u00f3n de comandos arbitrarios cuando se configura el tiempo (usando el par\u00e1metro ntpServerlp1) para los usuarios. Esto afecta a D'live set-top box AP(WF2429TB) versi\u00f3n v1.1.10"}], "lastModified": "2021-10-19T12:07:55.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netu:wf2429tb_firmware:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60F1AA7D-1D24-4213-9FE5-09BE67FBE456"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netu:wf2429tb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0BE49EE6-E80B-4BE7-A4FC-E687872C315A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vuln@krcert.or.kr"}