CyberSec.Space Logo
Back to CVE Browser

CVE-2020-8657

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score41.3810%
EPSS Percentile86.97th
PublishedFeb 6, 2020
Last ModifiedNov 10, 2025

Vulnerability Description

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.

Affected Platforms (CPE)

πŸ“¦
Eyesofnetwork

Eyesofnetwork

= 5.3-0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonapi/issues/17
πŸ”— http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
πŸ”— https://github.com/EyesOfNetworkCommunity/eonapi/issues/17
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8657

Related Vulnerabilities

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...

CVE-2020-86569.8

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a...

CVE-2021-275149.8

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe...