Lucene search

[email protected]NVD:CVE-2020-23592

HistoryNov 23, 2022 - 2:15 a.m.

CVE-2020-23592

2022-11-2302:15:09

CWE-352

[email protected]

web.nvd.nist.gov

vulnerability

optilink

cross-site request forgery

csrf

reset onu

factory default

escalation of privileges

default credentials

remote attacker

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.5%

JSON

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ’ /mgm_dev_reset.asp.’ Resetting to default leads to Escalation of Privileges by logging-in with default credentials.

Affected configurations

Nvd

Node

optilinknetworkop-xt71000n_firmwareMatch3.3.1-191028

AND

optilinknetworkop-xt71000nMatch2.2

VendorProductVersionCPE
optilinknetworkop-xt71000n_firmware3.3.1-191028cpe:2.3:o:optilinknetwork:op-xt71000n_firmware:3.3.1-191028:*:*:*:*:*:*:*
optilinknetworkop-xt71000n2.2cpe:2.3:h:optilinknetwork:op-xt71000n:2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
optilinknetwork	op-xt71000n_firmware	3.3.1-191028	cpe:2.3:o:optilinknetwork:op-xt71000n_firmware:3.3.1-191028:::::::*
optilinknetwork	op-xt71000n	2.2	cpe:2.3:h:optilinknetwork:op-xt71000n:2.2:::::::*

References

github.com/huzaifahussain98/CVE-2020-23592

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.5%

JSON

Related for NVD:CVE-2020-23592

cvelist1 cve1 prion1