CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
juplinkrx4-1500_firmware
1.0.3 ≤
𝑥
≤ 1.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cerne.xyz/bugs/CVE-2020-8798.html
https://cerne.xyz/bugs/CVE-2020-8798.html