CVE-2020-9420

Published: Dec 14, 2022Modified: Apr 22, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.

Affected (1)

Products: Arcadyan: Vrv9506jac23 Firmware

Arcadyan

1 product

Vrv9506jac23 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arcadyan Vrv9506jac23 Firmware	All versions

Running on/with	Platform Versions
Arcadyan Vrv9506jac23	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ce

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/AsherDLL/03d0762b5a535e300f1121caebe333ce

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.