PT-2020-15386 · Sagemcom · Sagemcom F@St 3686

Gr3Gpr1Est

Published

2020-09-14

Updated

2020-09-17

CVE-2020-21733

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sagemcom F@ST3686 version 1.0 HUN 3.97.0

Description The issue is related to a security problem where an attacker can inject malicious code. The estimated number of potentially affected devices worldwide is not available. Technical details about exploitation include API endpoints such as "RgDiagnostics.asp", "RgDdns.asp", "RgFirewallEL.asp", "RgVpnL2tpPptp.asp".

Recommendations For Sagemcom F@ST3686 version 1.0 HUN 3.97.0, consider restricting access to the affected API endpoints "RgDiagnostics.asp", "RgDdns.asp", "RgFirewallEL.asp", "RgVpnL2tpPptp.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-21733

Affected Products

Sagemcom F@St 3686

PT-2020-15386 · Sagemcom · Sagemcom F@St 3686

CVE-2020-21733

Weakness Enumeration

Related Identifiers

Affected Products

References · 6