CVE-2020-12106

Published: Aug 12, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthenticated users to send HTTP POST request to several critical Administrative functions such as, changing credentials of the Administrator account or connect the product to a rogue access point.

Affected (1)

Products: Stengg: Vpncrypt M10 Firmware

1 product

Vpncrypt M10 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Stengg Vpncrypt M10 Firmware	Version 2.6.5

Running on/with	Platform Versions
Stengg Vpncrypt M10	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://www.stengg.com/cybersecurity

Source: cve@mitre.org

Third Party Advisory

https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf

Source: cve@mitre.org

Third Party Advisory

https://www.stengg.com/cybersecurity

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.stengg.com/media/1076253/vpncrypt-m10-cve-advisory-notice.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.