CVE-2020-11925 - OpenCVE

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Luvion	Grand Elite 3 Connect Grand Elite 3 Connect Firmware

Configuration 1 [-]

AND

cpe:2.3:o:luvion:grand_elite_3_connect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:luvion:grand_elite_3_connect:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitor/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-02T15:41:46

Updated: 2021-04-02T15:41:46

Reserved: 2020-04-19T00:00:00

Link: CVE-2020-11925

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-02T16:15:13.570

Modified: 2021-04-08T16:16:42.833

Link: CVE-2020-11925

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:luvion:grand_elite_3_connect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E09ADD9-BEF1-4065-BA45-B8A78D66D3B4", "versionEndIncluding": "2020-02-25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:luvion:grand_elite_3_connect:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF22CFEE-FD90-45B3-BC81-CA85979F3C04", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Luvion Grand Elite 3 Connect hasta el 25-02-2020. La autenticaci\u00f3n del dispositivo es basada en un nombre de usuario y una contrase\u00f1a. Las credenciales de root son las mismas en todos los dispositivos de este modelo."}], "id": "CVE-2020-11925", "lastModified": "2021-04-08T16:16:42.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-02T16:15:13.570", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.eurofins-cybersecurity.com/news/connected-devices-baby-monitor/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}