CVE-2020-21994

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
References
Link Resource
https://www.exploit-db.com/exploits/47819 Exploit Third Party Advisory VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php Exploit Third Party Advisory
https://cwe.mitre.org/data/definitions/522.html Technical Description
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:ave:dominaplus:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ave:53ab-wbs_firmware:1.10.62:*:*:*:*:*:*:*
cpe:2.3:h:ave:53ab-wbs:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ave:ts01_firmware:1.0.65:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts01:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ave:ts03x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts03x-v:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ave:ts04x-v_firmware:1.10.45a:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts04x-v:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ave:ts05_firmware:1.10.36:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts05:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ave:ts05n-v_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:ave:ts05n-v:-:*:*:*:*:*:*:*

Information

Published : 2021-04-28 08:15

Updated : 2022-10-26 08:15


NVD link : CVE-2020-21994

Mitre link : CVE-2020-21994


JSON object : View

CWE
CWE-522

Insufficiently Protected Credentials

Advertisement

dedicated server usa

Products Affected

ave

  • ts05n-v_firmware
  • ts01_firmware
  • ts05_firmware
  • ts04x-v_firmware
  • ts04x-v
  • ts01
  • ts03x-v
  • ts03x-v_firmware
  • ts05
  • 53ab-wbs_firmware
  • ts05n-v
  • dominaplus
  • 53ab-wbs