CVE-2020-16210 - Vulnerability Details - OpenCVE

The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redlion	N-tron 702-w N-tron 702-w Firmware N-tron 702m12-w N-tron 702m12-w Firmware

Configuration 1 [-]

AND

cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
http://seclists.org/fulldisclosure/2020/Sep/6
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-09-01T20:44:46

Updated: 2024-08-04T13:37:54.199Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16210

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-09-01T21:15:12.363

Modified: 2024-11-21T05:06:56.590

Link: CVE-2020-16210

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "N-Tron 702-W / 702M12-W", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to all versions"}]}], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T20:06:16", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16210", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "N-Tron 702-W / 702M12-W", "version": {"version_data": [{"version_value": "Versions prior to all versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u2018CROSS-SITE SCRIPTING\u2019) CWE-79"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"name": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:54.199Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"name": "20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16210", "datePublished": "2020-09-01T20:44:46", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.199Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E7E2A2E-13BA-46CF-A98D-CC855C381834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "30885167-CD8F-4026-ADCB-2E07E772ECD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:n-tron_702m12-w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6633FE15-2CF0-4F83-91AB-6B090684C284", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:n-tron_702m12-w:-:*:*:*:*:*:*:*", "matchCriteriaId": "94F253CC-A9DC-463A-93F0-71DD4FC190FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on the N-Tron 702-W / 702M12-W (all versions)."}, {"lang": "es", "value": "El producto afectado es vulnerable a un ataque de tipo cross-site scripting reflejado, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario remotamente y llevar a cabo acciones en el contexto de un usuario atacado en los dispositivos N-Tron 702-W / 702M12-W (todas las versiones)"}], "id": "CVE-2020-16210", "lastModified": "2024-11-21T05:06:56.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-01T21:15:12.363", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Sep/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}