Vulnerability Details CVE-2020-3924
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 10.0
References
Products affected by CVE-2020-3924
-
cpe:2.3:h:tonnet:tat-70432n:-
-
cpe:2.3:h:tonnet:tat-71416g1:-
-
cpe:2.3:h:tonnet:tat-71832g1:-
-
cpe:2.3:h:tonnet:tat-76104g3:-
-
cpe:2.3:h:tonnet:tat-76108g3:-
-
cpe:2.3:h:tonnet:tat-76116g3:-
-
cpe:2.3:h:tonnet:tat-76132g3:-
-
cpe:2.3:h:tonnet:tat-77104g1:-
-
cpe:2.3:o:tonnet:tat-70432n_firmware:tat-77208g1_20181225
-
cpe:2.3:o:tonnet:tat-71416g1_firmware:tat-71416g1_20181225
-
cpe:2.3:o:tonnet:tat-71832g1_firmware:tat-71832g1_20190510
-
cpe:2.3:o:tonnet:tat-76104g3_firmware:20181220_76104g3
-
cpe:2.3:o:tonnet:tat-76108g3_firmware:20181221_76208g3
-
cpe:2.3:o:tonnet:tat-76116g3_firmware:20181221_76216g3
-
cpe:2.3:o:tonnet:tat-76132g3_firmware:tat-70832g3_20181221-1
-
cpe:2.3:o:tonnet:tat-77104g1_firmware:tat-77104g1_20190107