Ultralog Express Firmware
CVE-2020-3920
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory.
AnalysisAI
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions. Any user can access the privileged page to manage accounts through specific system directory. Affected products include: Unisoon Ultralog Express Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Ultralog Express Firmware
View allUltraLog Express device management interface does not properly filter user inputted string in some specific parameters,
UltraLog Express device management software stores user’s information in cleartext. Rated high severity (CVSS 7.5), this
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today