CVE-2020-3923

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
tonnettat-76104g3_firmware
𝑥
≤ 20181220_76104g3
tonnettat-76108g3_firmware
𝑥
≤ 20181221_76208g3
tonnettat-76116g3_firmware
𝑥
≤ 20181221_76216g3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tvn.twcert.org.tw/taiwanvn/TVN-201910003
https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf
https://tvn.twcert.org.tw/taiwanvn/TVN-201910003
https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf