// For flags

CVE-2020-12773

Realtek ADSL/PON Modem SoC - Security Misconfiguration

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.

Se presenta una vulnerabilidad de configuraciĆ³n incorrecta de seguridad en el SDK de algunos firmware de Realtek ADSL/PON Modem SoC, que permite a atacantes que usan una contraseƱa predeterminada ejecutar comandos arbitrarios remotamente por medio de la herramienta de monitoreo de red incorporada

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-05-11 CVE Reserved
  • 2020-06-08 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
https://www.twcert.org.tw/tw/cp-132-3681-2a3f6-1.html Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Realtek
Search vendor "Realtek"
 Adsl Router Soc Firmware
Search vendor "Realtek" for product "Adsl Router Soc Firmware"
--
Affected