Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-26879

EPSS 88.90% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-26879

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruckus Networks Ruckus vRioT 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruckus Networks Ruckus vRioT是美国Ruckus Networks公司的一个基于蓝牙、ZigBee、LoRa实现端点连接的软件。 Ruckus Networks Ruckus vRioT 1.5.1.0.21 之前版本存在安全漏洞,该漏洞源于Ruckus vRioT有一个API后门,未经身份验证的攻击者可以通过使用后门生成值作为Authorization标头来与服务API进行交互。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-26879

#POC DescriptionSource LinkShenlong Link
1Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validate_token.py,letting unauthenticated attackers interact with the API without authentication. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26879.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-26879

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-10-26 · 22 CVEs total

CVE-2020-77528.8 HIGHCommand Injection
CVE-2020-7127Aruba Networks Aruba Airwave 注入漏洞
CVE-2020-25470antSword 跨站脚本漏洞
CVE-2020-13100Arista Networks Arista`s CloudVision eXchange 安全漏洞
CVE-2020-7196HPE BlueData EPIC和HPE Ezmeral Container Platform 安全漏洞
CVE-2020-7197hpe HPE StoreServ Management Console 授权问题漏洞
CVE-2020-15897Arista Networks Arista EOS 安全漏洞
CVE-2020-24631Aruba Networks Aruba Airwave 命令注入漏洞
CVE-2020-24632Aruba Networks Aruba Airwave 命令注入漏洞
CVE-2020-7124Aruba Networks Aruba Airwave 授权问题漏洞
CVE-2020-7125Aruba Networks Aruba Airwave 授权问题漏洞
CVE-2020-7126Aruba Networks Aruba Airwave 代码问题漏洞
CVE-2020-27743pam_tacplus 安全特征问题漏洞
CVE-2020-18766antSword 跨站脚本漏洞
CVE-2020-6876ZTE eVDC 跨站脚本漏洞
CVE-2020-27187KDE Partition Manager 命令注入漏洞
CVE-2020-26161Octopus Deploy 输入验证错误漏洞
CVE-2020-26566Motion-Project Motion 缓冲区错误漏洞
CVE-2017-18925OpenRC opentmpfiles 后置链接漏洞
CVE-2020-25034mainway FireEye EX SQL注入漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-26879

No comments yet

Leave a comment