CVE-2020-8090 - OpenCVE

The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
A1	Wlan Box Adb Vv2220 Firmware Wlan Box Adb Vv2220

Configuration 1 [-]

AND

cpe:2.3:o:a1:wlan_box_adb_vv2220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:a1:wlan_box_adb_vv2220:2:*:*:*:*:*:*:*

References

Link	Resource
https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T21:34:46

Updated: 2020-01-27T21:34:45

Reserved: 2020-01-27T00:00:00

Link: CVE-2020-8090

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T22:15:11.267

Modified: 2020-01-29T20:34:34.027

Link: CVE-2020-8090

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:a1:wlan_box_adb_vv2220_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD7C4558-A468-4351-9231-632A8E25881F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:a1:wlan_box_adb_vv2220:2:*:*:*:*:*:*:*", "matchCriteriaId": "A8407B24-2426-4517-B08A-0D372B1F09DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login)."}, {"lang": "es", "value": "El campo Username en la configuraci\u00f3n del Storage Service de los dispositivos A1 WLAN Box ADB versi\u00f3n VV2220v2, permite un ataque de tipo XSS almacenado (despu\u00e9s de un inicio de sesi\u00f3n de Administrador con \u00e9xito)."}], "id": "CVE-2020-8090", "lastModified": "2020-01-29T20:34:34.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T22:15:11.267", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}