Vulnerability Description
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sumavision | Enhanced Multimedia Router Firmware | 3.0.4.27 |
| Sumavision | Enhanced Multimedia Router | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-ExploitThird Party AdvisoryVDB Entry
- https://github.com/s1kr10s/Sumavision_EMR3.0ExploitThird Party Advisory
- https://www.youtube.com/watch?v=Ufcj4D9eA5oExploitThird Party Advisory
- http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-ExploitThird Party AdvisoryVDB Entry
- https://github.com/s1kr10s/Sumavision_EMR3.0ExploitThird Party Advisory
- https://www.youtube.com/watch?v=Ufcj4D9eA5oExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource
FAQ
What is CVE-2020-10181?
CVE-2020-10181 is a vulnerability with a CVSS score of 9.8 (CRITICAL). goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_use...
How severe is CVE-2020-10181?
CVE-2020-10181 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10181?
Check the references section above for vendor advisories and patch information. Affected products include: Sumavision Enhanced Multimedia Router Firmware, Sumavision Enhanced Multimedia Router.