CVE-2020-8798

EUVD-2020-29646
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
juplinkrx4-1500_firmware
1.0.3 ≤
𝑥
≤ 1.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cerne.xyz/bugs/CVE-2020-8798.html
https://cerne.xyz/bugs/CVE-2020-8798.html