MidnightBSD

Advisories for tonnet

CVE-2020-3923 HIGH

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tonnet tat-76132g3_firmware *
tonnet tat-70432n_firmware *
tonnet tat-76116g3_firmware *
tonnet tat-77104g1_firmware *
tonnet tat-71832g1_firmware *
tonnet tat-76108g3_firmware *
tonnet tat-71416g1_firmware *
tonnet tat-76104g3_firmware *
CVE-2020-3924 HIGH

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
twcert@cert.org.tw 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
tonnet tat-76132g3_firmware *
tonnet tat-70432n_firmware *
tonnet tat-76116g3_firmware *
tonnet tat-77104g1_firmware *
tonnet tat-71832g1_firmware *
tonnet tat-76108g3_firmware *
tonnet tat-71416g1_firmware *
tonnet tat-76104g3_firmware *