CVE-2020-10181

CRITICAL KEV

Sumavision Enhanced Multimedia Router Firmware - CSRF

Title source: rule

Description

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*>123456 request.

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156746/Enhanced-Multimedia-Router-3.0.4.27-Cross-Site-Request-Forgery.html

[Exploit, Third Party Advisory] https://github.com/s1kr10s/Sumavision_EMR3.0

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://www.youtube.com/watch?v=Ufcj4D9eA5o

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10181

Scores

CVSS v3 9.8

EPSS 0.2055

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-2643

CWE

CWE-352

Status published

Products (1)

sumavision/enhanced_multimedia_router_firmware 3.0.4.27

Published Mar 11, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026