CVE-2020-21996 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
ave	dominaplus	1.8.4 ≤ 𝑥 ≤ 1.10.77
ave	53ab-wbs_firmware	1.10.62
ave	ts01_firmware	1.0.65
ave	ts03x-v_firmware	1.10.45a:a
ave	ts04x-v_firmware	1.10.45a:a
ave	ts05_firmware	1.10.36
ave	ts05n-v_firmware	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://cwe.mitre.org/data/definitions/306.html

https://www.exploit-db.com/exploits/47820

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php

https://cwe.mitre.org/data/definitions/306.html

https://www.exploit-db.com/exploits/47820

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php