CVE-2020-24033
Summary
| CVE | CVE-2020-24033 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-22 14:15:00 UTC |
| Updated | 2020-11-02 15:08:00 UTC |
| Description | An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Fs | S3900 24t4s | - | All | All | All |
| Hardware | Fs | S3900 24t4s | - | All | All | All |
| Operating System | Fs | S3900 24t4s Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GitHub - M0NsTeRRR/CVE-2020-24033 | MISC | github.com | Exploit, Third Party Advisory |
| GitHub - M0NsTeRRR/CVE-2020-24033 | MISC | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.