CVE Vulnerability

CVE-2019-20004

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://medium.com/@rsantos_14778/remote-control-cve-2019-20004-21f77e976715 Exploit Third Party Advisory
http://en.intelbras.com.br/downloads Vendor Advisory
Configurations

Configuration 1
Information

Published : 2020-01-05 11:15

Updated : 2020-01-14 06:20

NVD link : CVE-2019-20004

Mitre link : CVE-2019-20004

Products Affected

Intelbras

Iwr 3000n Firmware

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password