CVE-2020-10207 - OpenCVE

Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Amino	Aria7xx Ak45x Firmware Ak5xx Kami7b Firmware Ak5xx Firmware Aria7xx Firmware Aria6xx Firmware Aria6xx Kami7b Ak65x Ak45x Ak65x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak45x:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak5xx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:ak65x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:aria6xx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:aria7xx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amino:kami7b:-:*:*:*:*:*:*:*

References

Link	Resource
https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#87fe	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-29T22:15:06

Updated: 2020-12-29T22:15:06

Reserved: 2020-03-06T00:00:00

Link: CVE-2020-10207

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-29T23:15:12.190

Modified: 2021-01-14T16:07:22.637

Link: CVE-2020-10207

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak45x_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A76D2886-66B2-4799-96C8-E00D961A91F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak45x:-:*:*:*:*:*:*:*", "matchCriteriaId": "76A99F2F-7D78-490E-80E1-C6365086927A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak5xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "50613865-0630-4A8B-9926-28A28DBA81F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak5xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B705E2F1-531C-4C54-80AB-D60F6B0502C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:ak65x_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "487267C4-706E-48CF-AFF1-19F41F8DB917", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:ak65x:-:*:*:*:*:*:*:*", "matchCriteriaId": "85E252BA-19CD-46CD-B28D-7244C15BD2E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:aria6xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E5B6C05-BF1B-418C-9E63-EA3BD2F5BF07", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:aria6xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A1289FA-97E8-4425-90A2-6106C1A3D2D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:aria7xx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "28C2F709-6152-4EDA-8E4C-4B36298C2E11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:aria7xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "A04DE3CC-DAC8-47A6-97FF-9218A0A3A7B0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amino:kami7b_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "99CC4665-08AE-4DAE-B6E0-917188767345", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amino:kami7b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CE3E103-579F-42B2-952A-3E8BEEB72684", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings."}, {"lang": "es", "value": "El uso de credenciales embebidas en EntoneWebEngine en Amino Communications serie AK45x, serie AK5xx, serie AK65x, serie Aria6xx, serie Aria7/AK7Xx y Kami7B, permite a atacantes remotos recuperar y modificar la configuraci\u00f3n del dispositivo"}], "evaluatorComment": "The products as shown in the CPE configuration are placeholders for each product series.", "id": "CVE-2020-10207", "lastModified": "2021-01-14T16:07:22.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-29T23:15:12.190", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://andre-oudhof.medium.com/pwning-my-isps-stbs-c5e78544274d#87fe"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}