CVE-2020-23036 — MEDIUM (5.9)

Vulnerability Description

MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Medianavi	Smacom	1.2

Related Weaknesses (CWE)

CWE-522

References

https://cwe.mitre.org/data/definitions/522.htmlTechnical Description
https://www.vulnerability-lab.com/get_content.php?id=2211ExploitThird Party Advisory
https://cwe.mitre.org/data/definitions/522.htmlTechnical Description
https://www.vulnerability-lab.com/get_content.php?id=2211ExploitThird Party Advisory

FAQ

What is CVE-2020-23036?

CVE-2020-23036 is a vulnerability with a CVSS score of 5.9 (MEDIUM). MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. ...

How severe is CVE-2020-23036?

CVE-2020-23036 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-23036?

Check the references section above for vendor advisories and patch information. Affected products include: Medianavi Smacom.