Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by freebox
VAR-202010-0833
Vulnerability from variot - Updated: 2023-12-18 13:56A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a spoofing authentication evasion vulnerability.Information may be obtained. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV.
Versions of Freebox Server prior to 4.2.3 have security vulnerabilities. The vulnerabilities stem from the existence of DNS rebinding vulnerabilities in the implementation of UPnP MediaServer, allowing attackers to gain access to the local area network by manipulating the DNS (Domain Name Service) working mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0833",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freebox server",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox v5",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "1.5.29"
},
{
"model": "freebox server",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox v5",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "server",
"scope": "lt",
"trust": 0.6,
"vendor": "freebox",
"version": "4.2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:free:freebox_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_v5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.5.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"cve": "CVE-2020-24375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-24375",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-64596",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24375",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24375",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-64596",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-883",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-24375",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a spoofing authentication evasion vulnerability.Information may be obtained. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV. \n\r\n\r\nVersions of Freebox Server prior to 4.2.3 have security vulnerabilities. The vulnerabilities stem from the existence of DNS rebinding vulnerabilities in the implementation of UPnP MediaServer, allowing attackers to gain access to the local area network by manipulating the DNS (Domain Name Service) working mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24375",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-64596",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-24375",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"id": "VAR-202010-0833",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
}
]
},
"last_update_date": "2023-12-18T13:56:05.344000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "freebox",
"trust": 0.8,
"url": "https://dev.freebox.fr/blog/?p=10222"
},
{
"title": "Patch for Freebox server DNS rebinding vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/240430"
},
{
"title": "Freebox server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131412"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24375"
},
{
"trust": 1.7,
"url": "https://dev.freebox.fr/blog/?p=10222"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"date": "2020-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"date": "2021-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"date": "2020-10-19T19:15:14.753000",
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-64596"
},
{
"date": "2020-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-24375"
},
{
"date": "2021-05-20T06:18:00",
"db": "JVNDB",
"id": "JVNDB-2020-012656"
},
{
"date": "2020-10-27T19:23:22.463000",
"db": "NVD",
"id": "CVE-2020-24375"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Freebox\u00a0Server\u00a0 Spoofing Authentication Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-883"
}
],
"trust": 0.6
}
}
VAR-202009-0966
Vulnerability from variot - Updated: 2023-12-18 13:07A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV.
There is a cross-site request forgery vulnerability in Freebox Server versions prior to 4.2.3, which is caused by the WEB application not fully verifying whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0966",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freebox pop",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox delta",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox mini",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox one",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox revolution",
"scope": "lt",
"trust": 1.0,
"vendor": "free",
"version": "4.2.3"
},
{
"model": "freebox delta",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox mini",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox one",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox pop",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "freebox revolution",
"scope": null,
"trust": 0.8,
"vendor": "free",
"version": null
},
{
"model": "server",
"scope": "lt",
"trust": 0.6,
"vendor": "freebox",
"version": "4.2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_revolution_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_revolution:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_mini_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_mini:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_one_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_one:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_delta_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_delta:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:free:freebox_pop_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:free:freebox_pop:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24373"
}
]
},
"cve": "CVE-2020-24373",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-24373",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-57060",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-24373",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-24373",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-57060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1012",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. Freebox Server Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Freebox server is a DSL modem, router, Wi-Fi hotspot, NAS (250 GB hard disk), DECT base with up to 8 connected DECT phones, and digital video recorder-T for TNT (also known as DVB) And IPTV. \n\r\n\r\nThere is a cross-site request forgery vulnerability in Freebox Server versions prior to 4.2.3, which is caused by the WEB application not fully verifying whether the request comes from a trusted user. An attacker can use this vulnerability to send unexpected requests to the server through the affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "CNVD",
"id": "CNVD-2020-57060"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24373",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-57060",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"id": "VAR-202009-0966",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
}
]
},
"last_update_date": "2023-12-18T13:07:27.883000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "freebox",
"trust": 0.8,
"url": "https://dev.freebox.fr/blog/?p=10222"
},
{
"title": "Patch for Freebox server cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/236470"
},
{
"title": "Freebox server Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128749"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24373"
},
{
"trust": 1.6,
"url": "https://dev.freebox.fr/blog/?p=10222"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"date": "2020-09-16T20:15:13.973000",
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"date": "2020-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"date": "2021-03-24T02:15:00",
"db": "JVNDB",
"id": "JVNDB-2020-011226"
},
{
"date": "2022-11-16T14:12:08.627000",
"db": "NVD",
"id": "CVE-2020-24373"
},
{
"date": "2020-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Freebox server cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-57060"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1012"
}
],
"trust": 0.6
}
}