CVE-2020-20183

Published: Dec 14, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.

Affected (1)

Products: Zyxel: P1302 T10 V3 Firmware

Zyxel

1 product

P1302 T10 V3 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel P1302 T10 V3 Firmware	Version 2.00

Running on/with	Platform Versions
Zyxel P1302 T10 V3	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.zyxel.com/us/en/support/P1302-T10D-v3-modem-insecure-direct-object-reference-vulnerability.shtml

Source: cve@mitre.org

Vendor Advisory

https://www.zyxel.com/us/en/support/P1302-T10D-v3-modem-insecure-direct-object-reference-vulnerability.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.