Vulnerabilities > CVE-2020-3923 - Incorrect Authorization vulnerability in Tonnet products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

tonnet

CWE-863

critical

NVD

Published: 2020-02-27

Updated: 2021-07-21

Summary

DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.

Vulnerable Configurations

Part	Description	Count
OS	Tonnet Tonnet TAT 77104G1 Firmware Tat-77104G1_20190107 Tonnet TAT 70432N Firmware Tat-77208G1_20181225 Tonnet TAT 71416G1 Firmware Tat-71416G1_20181225 Tonnet TAT 71832G1 Firmware Tat-71832G1_20190510 Tonnet TAT 76104G3 Firmware 20181220_76104G3 Tonnet TAT 76108G3 Firmware 20181221_76208G3 Tonnet TAT 76116G3 Firmware 20181221_76216G3 Tonnet TAT 76132G3 Firmware Tat-70832G3_20181221-1	8
Hardware	Tonnet Tonnet TAT 77104G1 - Tonnet TAT 70432N - Tonnet TAT 71416G1 - Tonnet TAT 71832G1 - Tonnet TAT 76104G3 - Tonnet TAT 76108G3 - Tonnet TAT 76116G3 - Tonnet TAT 76132G3 -	8

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References