CVE-2020-3924

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tonnet:tat-77104g1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-77104g1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tonnet:tat-70432n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-70432n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tonnet:tat-71416g1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-71416g1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tonnet:tat-71832g1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-71832g1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tonnet:tat-76104g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-76104g3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tonnet:tat-76108g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-76108g3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:tonnet:tat-76116g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-76116g3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:tonnet:tat-76132g3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tonnet:tat-76132g3:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:31

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : 9.8
v2 : 10.0
v3 : 6.4
References () https://tvn.twcert.org.tw/taiwanvn/TVN-201910004 - Third Party Advisory () https://tvn.twcert.org.tw/taiwanvn/TVN-201910004 - Third Party Advisory
References () https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf - Third Party Advisory () https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf - Third Party Advisory

Information

Published : 2020-02-27 04:15

Updated : 2024-11-21 05:31


NVD link : CVE-2020-3924

Mitre link : CVE-2020-3924

CVE.ORG link : CVE-2020-3924


JSON object : View

Products Affected

tonnet

  • tat-70432n_firmware
  • tat-71416g1_firmware
  • tat-76104g3_firmware
  • tat-76104g3
  • tat-71416g1
  • tat-76116g3
  • tat-71832g1_firmware
  • tat-77104g1_firmware
  • tat-76116g3_firmware
  • tat-76132g3_firmware
  • tat-71832g1
  • tat-76132g3
  • tat-70432n
  • tat-76108g3_firmware
  • tat-77104g1
  • tat-76108g3
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')