CVE-2020-3923
HIGHTONNET TAT-76 and TAT-77 Series DVR Firmware - Improper Authentication via Default Password
Title source: llmDescription
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://tvn.twcert.org.tw/taiwanvn/TVN-201910003
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/4ef5eb3a-fdc3-4d78-8dd7-ec7213e2bbcf
Scores
CVSS v3
8.1
EPSS
0.0168
EPSS Percentile
74.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (8)
tonnet/tat-70432n_firmware
< tat-77208g1_20181225
tonnet/tat-71416g1_firmware
< tat-71416g1_20181225
tonnet/tat-71832g1_firmware
< tat-71832g1_20190510
tonnet/tat-76104g3_firmware
< 20181220_76104g3
tonnet/tat-76108g3_firmware
< 20181221_76208g3
tonnet/tat-76116g3_firmware
< 20181221_76216g3
tonnet/tat-76132g3_firmware
< tat-70832g3_20181221-1
tonnet/tat-77104g1_firmware
< tat-77104g1_20190107
Published
Feb 27, 2020
Tracked Since
Feb 18, 2026