CVE-2020-3924 — MEDIUM (6.4)

Q: What is CVE-2020-3924?

CVE-2020-3924 is a vulnerability with a CVSS score of 6.4 (MEDIUM). DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

Q: How severe is CVE-2020-3924?

CVE-2020-3924 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3924?

Check the references section above for vendor advisories and patch information. Affected products include: Tonnet Tat-77104G1 Firmware, Tonnet Tat-77104G1, Tonnet Tat-70432N Firmware, Tonnet Tat-70432N, Tonnet Tat-71416G1 Firmware.

Vulnerability Description

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tonnet	Tat-77104G1 Firmware	<= tat-77104g1_20190107
Tonnet	Tat-77104G1	-
Tonnet	Tat-70432N Firmware	<= tat-77208g1_20181225
Tonnet	Tat-70432N	-
Tonnet	Tat-71416G1 Firmware	<= tat-71416g1_20181225
Tonnet	Tat-71416G1	-
Tonnet	Tat-71832G1 Firmware	<= tat-71832g1_20190510
Tonnet	Tat-71832G1	-
Tonnet	Tat-76104G3 Firmware	<= 20181220_76104g3
Tonnet	Tat-76104G3	-
Tonnet	Tat-76108G3 Firmware	<= 20181221_76208g3
Tonnet	Tat-76108G3	-
Tonnet	Tat-76116G3 Firmware	<= 20181221_76216g3
Tonnet	Tat-76116G3	-
Tonnet	Tat-76132G3 Firmware	<= tat-70832g3_20181221-1
Tonnet	Tat-76132G3	-

Related Weaknesses (CWE)

CWE-77

References

https://tvn.twcert.org.tw/taiwanvn/TVN-201910004Third Party Advisory
https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcfThird Party Advisory
https://tvn.twcert.org.tw/taiwanvn/TVN-201910004Third Party Advisory
https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcfThird Party Advisory

FAQ

What is CVE-2020-3924?

CVE-2020-3924 is a vulnerability with a CVSS score of 6.4 (MEDIUM). DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

How severe is CVE-2020-3924?

CVE-2020-3924 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3924?

Check the references section above for vendor advisories and patch information. Affected products include: Tonnet Tat-77104G1 Firmware, Tonnet Tat-77104G1, Tonnet Tat-70432N Firmware, Tonnet Tat-70432N, Tonnet Tat-71416G1 Firmware.