CVE-2020-9420 — MEDIUM (6.5)

Vulnerability Description

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Arcadyan	Vrv9506Jac23 Firmware	-
Arcadyan	Vrv9506Jac23	-

Related Weaknesses (CWE)

CWE-319

References

https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ceExploitThird Party Advisory
https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ceExploitThird Party Advisory

FAQ

What is CVE-2020-9420?

CVE-2020-9420 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative crede...

How severe is CVE-2020-9420?

CVE-2020-9420 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9420?

Check the references section above for vendor advisories and patch information. Affected products include: Arcadyan Vrv9506Jac23 Firmware, Arcadyan Vrv9506Jac23.