CVE-2020-7842 — MEDIUM (6.4)

Vulnerability Description

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netu	Wf2429Tb Firmware	1.1.10
Netu	Wf2429Tb	-

Related Weaknesses (CWE)

CWE-20

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35797Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35797Third Party Advisory

FAQ

What is CVE-2020-7842?

CVE-2020-7842 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. ...

How severe is CVE-2020-7842?

CVE-2020-7842 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7842?

Check the references section above for vendor advisories and patch information. Affected products include: Netu Wf2429Tb Firmware, Netu Wf2429Tb.