Vulnerability Details CVE-2020-10181
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.299
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html
- https://github.com/s1kr10s/Sumavision_EMR3.0
- https://www.youtube.com/watch?v=Ufcj4D9eA5o
- http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html
- https://github.com/s1kr10s/Sumavision_EMR3.0
- https://www.youtube.com/watch?v=Ufcj4D9eA5o
Products affected by CVE-2020-10181
-
cpe:2.3:h:sumavision:enhanced_multimedia_router:-
-
cpe:2.3:o:sumavision:enhanced_multimedia_router_firmware:3.0.4.27