CVE-2020-14054 — CRITICAL (9.8)

Vulnerability Description

SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sokkia	Gnr5 Vanguard Firmware	1.2
Sokkia	Gnr5 Vanguard	212

Related Weaknesses (CWE)

CWE-89

References

http://www.hemayate.com/?page_id=3683Third Party Advisory
http://www.hemayate.com/?page_id=3683Third Party Advisory

FAQ

What is CVE-2020-14054?

CVE-2020-14054 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that u...

How severe is CVE-2020-14054?

CVE-2020-14054 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-14054?

Check the references section above for vendor advisories and patch information. Affected products include: Sokkia Gnr5 Vanguard Firmware, Sokkia Gnr5 Vanguard.