Lucene search

[email protected]CVE-2020-26732

HistoryJan 14, 2021 - 4:15 p.m.

CVE-2020-26732

2021-01-1416:15:17

CWE-311

[email protected]

web.nvd.nist.gov

cve-2020-26732

skyworth

gn542vf

boa

session cookie

vulnerability

https

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

Affected configurations

NVD

Node

skyworthgn542vf_boaMatch-

AND

skyworthgn542vf_boa_firmwareMatch0.94.13

CPENameOperatorVersion
skyworth:gn542vf_boa_firmwareskyworth gn542vf boa firmwareeq0.94.13

CPE	Name	Operator	Version
skyworth:gn542vf_boa_firmware	skyworth gn542vf boa firmware	eq	0.94.13

References

github.com/swzhouu/CVE-2020-26732

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2020-26732

nvd1 githubexploit1 cvelist1 prion1