Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2020-21994
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-28 Apr, 2021 | 15:15
Updated At-26 Oct, 2022 | 15:15

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
ave
ave
>>dominaplus>>Versions from 1.10.11(inclusive) to 1.10.77(inclusive)
cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*
ave
ave
>>53ab-wbs_firmware>>1.10.62
cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*
ave
ave
>>53ab-wbs>>-
cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*
ave
ave
>>ts01_firmware>>1.0.65
cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*
ave
ave
>>ts01>>-
cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*
ave
ave
>>ts03x-v_firmware>>1.10.45a
cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*
ave
ave
>>ts03x-v>>-
cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*
ave
ave
>>ts04x-v_firmware>>1.10.45a
cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*
ave
ave
>>ts04x-v>>-
cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*
ave
ave
>>ts05_firmware>>1.10.36
cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*
ave
ave
>>ts05>>-
cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*
ave
ave
>>ts05n-v_firmware>>-
cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*
ave
ave
>>ts05n-v>>-
cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cwe.mitre.org/data/definitions/522.htmlcve@mitre.org
Technical Description
https://www.exploit-db.com/exploits/47819cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.phpcve@mitre.org
Exploit
Third Party Advisory
Change History
0Changes found
Details not found