返回 CVE 瀏覽器

CVE-2020-8657

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score41.3810%

EPSS Percentile86.97th

Published2020年2月6日

Last Modified2025年11月10日

Vulnerability Description

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.

Affected Platforms (CPE)

📦

Eyesofnetwork

Eyesofnetwork

= 5.3-0

References & Advisories

🔗 http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html

🔗 https://github.com/EyesOfNetworkCommunity/eonapi/issues/17

🔗 http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html

🔗 https://github.com/EyesOfNetworkCommunity/eonapi/issues/17

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8657

相關漏洞威脅

CVE-2020-94659.8

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3. The eonweb web interface is prone to a SQL injection...

CVE-2020-278869.8

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowin...

CVE-2020-86569.8

An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated a...

CVE-2021-275149.8

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authe...