Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by intenogroup
VAR-201707-0398
Vulnerability from variot - Updated: 2023-12-18 13:57Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.). Intenorouters is a wireless router from IntenoBroadband Technologies of Sweden. A security vulnerability exists in the Inteno router that caused the program to fail to properly configure the JUCIACL
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inteno router",
"scope": "eq",
"trust": 1.6,
"vendor": "intenogroup",
"version": null
},
{
"model": "router",
"scope": null,
"trust": 0.8,
"vendor": "inteno",
"version": null
},
{
"model": "routers",
"scope": null,
"trust": 0.6,
"vendor": "inteno",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intenogroup:inteno_router_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intenogroup:inteno_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11361"
}
]
},
"cve": "CVE-2017-11361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-11361",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-25529",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-101776",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11361",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11361",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-25529",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-693",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101776",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.). Intenorouters is a wireless router from IntenoBroadband Technologies of Sweden. A security vulnerability exists in the Inteno router that caused the program to fail to properly configure the JUCIACL",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11361",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-25529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101776",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"id": "VAR-201707-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
}
]
},
"last_update_date": "2023-12-18T13:57:17.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.intenogroup.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101776"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11361"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11361"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"db": "VULHUB",
"id": "VHN-101776"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"date": "2017-07-17T00:00:00",
"db": "VULHUB",
"id": "VHN-101776"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"date": "2017-07-17T17:29:00.493000",
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"date": "2017-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25529"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-101776"
},
{
"date": "2017-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005971"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-11361"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inteno In the router \"user\" Vulnerability to read files by account",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-693"
}
],
"trust": 0.6
}
}
VAR-201909-0693
Vulnerability from variot - Updated: 2023-12-18 13:47Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. Inteno EG200 Routers contain information disclosure vulnerabilities due to differences in responses to security-related processing.Information may be obtained. The Inteno Group EG200 is a home gateway device from Inteno Group, Sweden. A configuration error vulnerability exists in the Inteno Group EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 version, which can be exploited by an attacker to extract 3DES keys using JSON commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0693",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eg200",
"scope": "eq",
"trust": 1.0,
"vendor": "intenogroup",
"version": "eg200-wu7p1u_adamo3.16.4-190226_1650"
},
{
"model": "eg200",
"scope": "eq",
"trust": 0.8,
"vendor": "inteno",
"version": "eg200-wu7p1u_adamo3.16.4-190226_1650"
},
{
"model": "group eg200 eg200-wu7p1u adamo3.16.4-190226 1650",
"scope": null,
"trust": 0.6,
"vendor": "inteno",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intenogroup:eg200_firmware:eg200-wu7p1u_adamo3.16.4-190226_1650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intenogroup:eg200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13140"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gerard Fuguet",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13140",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-33123",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-144957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13140",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13140",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-33123",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-765",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-144957",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the \"user\" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. Inteno EG200 Routers contain information disclosure vulnerabilities due to differences in responses to security-related processing.Information may be obtained. The Inteno Group EG200 is a home gateway device from Inteno Group, Sweden. A configuration error vulnerability exists in the Inteno Group EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 version, which can be exploited by an attacker to extract 3DES keys using JSON commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-144957",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144957"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13140",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "154494",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "47390",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-33123",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-144957",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"id": "VAR-201909-0693",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
}
]
},
"last_update_date": "2023-12-18T13:47:50.127000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EG200",
"trust": 0.8,
"url": "https://www.intenogroup.com/products/gateways/eg200/"
},
{
"title": "Inteno Group EG200 Configuration Error Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/182201"
},
{
"title": "Inteno Group EG200 Fixes for configuration error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98302"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-552",
"trust": 1.0
},
{
"problemtype": "CWE-203",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/154494/inteno-iopsys-gateway-3des-key-extraction-improper-access.html"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/47390"
},
{
"trust": 2.3,
"url": "https://twitter.com/gerardfuguet/status/1169298861782896642"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/docs/47397"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13140"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "VULHUB",
"id": "VHN-144957"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"date": "2019-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-144957"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"date": "2019-09-16T17:15:13.277000",
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"date": "2019-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"date": "2019-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-144957"
},
{
"date": "2019-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009426"
},
{
"date": "2022-03-31T17:47:15.780000",
"db": "NVD",
"id": "CVE-2019-13140"
},
{
"date": "2022-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inteno Group EG200 Configuration Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-33123"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-765"
}
],
"trust": 0.6
}
}
VAR-201807-1269
Vulnerability from variot - Updated: 2023-12-18 12:28read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. Inteno IOPSYS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Inteno IOPSYS is an open service delivery platform developed by Sweden's Inteno Broadband Technology Company. The platform consists of Gateway OS, Home Portal and various software development kits. A security vulnerability exists in the 'read_tmp' and 'write_tmp' functions in Inteno IOPSYS. An attacker could exploit this vulnerability to gain privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iopsys",
"scope": "eq",
"trust": 1.6,
"vendor": "intenogroup",
"version": null
},
{
"model": "iopsys",
"scope": null,
"trust": 0.8,
"vendor": "inteno",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intenogroup:iopsys_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intenogroup:iopsys:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14533"
}
]
},
"cve": "CVE-2018-14533",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-14533",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-124702",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14533",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14533",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-2017",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-124702",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. Inteno IOPSYS Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Inteno IOPSYS is an open service delivery platform developed by Sweden\u0027s Inteno Broadband Technology Company. The platform consists of Gateway OS, Home Portal and various software development kits. A security vulnerability exists in the \u0027read_tmp\u0027 and \u0027write_tmp\u0027 functions in Inteno IOPSYS. An attacker could exploit this vulnerability to gain privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "VULHUB",
"id": "VHN-124702"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-124702",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14533",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "45089",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-124702",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"id": "VAR-201807-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:48.838000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "iopsys",
"trust": 0.8,
"url": "https://iopsys.eu/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45089/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14533"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-124702"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-124702"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"date": "2018-07-31T14:29:00.760000",
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"date": "2018-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-124702"
},
{
"date": "2018-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008932"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-14533"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inteno IOPSYS Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008932"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-2017"
}
],
"trust": 0.6
}
}
CVE-2017-17867 (GCVE-0-2017-17867)
Vulnerability from cvelistv5 – Published: 2018-01-04 19:00 – Updated: 2024-08-05 21:06- n/a
| URL | Tags |
|---|---|
| https://neonsea.uk/blog/2017/12/23/rce-inteno-iop… | x_refsource_MISC |
| http://public.inteno.se/?p=feed-inteno-openwrt.gi… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/43428/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43428/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43428/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"name": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998",
"refsource": "MISC",
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43428/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17867",
"datePublished": "2018-01-04T19:00:00.000Z",
"dateReserved": "2017-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:06:49.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17867 (GCVE-0-2017-17867)
Vulnerability from nvd – Published: 2018-01-04 19:00 – Updated: 2024-08-05 21:06- n/a
| URL | Tags |
|---|---|
| https://neonsea.uk/blog/2017/12/23/rce-inteno-iop… | x_refsource_MISC |
| http://public.inteno.se/?p=feed-inteno-openwrt.gi… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/43428/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43428/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git%3Ba=commit%3Bh=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43428/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"name": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998",
"refsource": "MISC",
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43428/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17867",
"datePublished": "2018-01-04T19:00:00.000Z",
"dateReserved": "2017-12-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:06:49.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}