Vulnerability-Lookup

CNVD-2017-18582

Vulnerability from cnvd - Published: 2017-08-03

Title

eCos Embedded Web Servers认证绕过漏洞

Description

eCos Embedded Web Servers是一款应用在路由器等设备中的嵌入式Web服务器。 eCos Embedded Web Servers中存在安全漏洞。攻击者可利用该漏洞绕过身份验证，控制设备。

Severity

中

Patch Name

eCos Embedded Web Servers认证绕过漏洞的补丁

Patch Description

eCos Embedded Web Servers是一款应用在路由器等设备中的嵌入式Web服务器。 eCos Embedded Web Servers中存在安全漏洞。攻击者可利用该漏洞绕过身份验证，控制设备。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://ecos.sourceware.org/

Reference

http://ecos.sourceware.org/ecos/problemreport.html

Impacted products

Name
eCos eCos Embedded Web Servers

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1000020"
    }
  },
  "description": "eCos Embedded Web Servers\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u8def\u7531\u5668\u7b49\u8bbe\u5907\u4e2d\u7684\u5d4c\u5165\u5f0fWeb\u670d\u52a1\u5668\u3002\r\n\r\neCos Embedded Web Servers\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u63a7\u5236\u8bbe\u5907\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://ecos.sourceware.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-18582",
  "openTime": "2017-08-03",
  "patchDescription": "eCos Embedded Web Servers\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u8def\u7531\u5668\u7b49\u8bbe\u5907\u4e2d\u7684\u5d4c\u5165\u5f0fWeb\u670d\u52a1\u5668\u3002\r\n\r\neCos Embedded Web Servers\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u63a7\u5236\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "eCos Embedded Web Servers\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "eCos eCos Embedded Web Servers"
  },
  "referenceLink": "http://ecos.sourceware.org/ecos/problemreport.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-28",
  "title": "eCos Embedded Web Servers\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-1000020 (GCVE-0-2017-1000020)

Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53

Summary

SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://ecos.sourceware.org/ecos/problemreport.html

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ecos.sourceware.org/ecos/problemreport.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-05-06T00:00:00",
      "datePublic": "2017-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-13T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ecos.sourceware.org/ecos/problemreport.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-05-06T20:43:28.271028",
          "ID": "CVE-2017-1000020",
          "REQUESTER": "niteshvai67@gmail.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ecos.sourceware.org/ecos/problemreport.html",
              "refsource": "MISC",
              "url": "http://ecos.sourceware.org/ecos/problemreport.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000020",
    "datePublished": "2017-07-13T20:00:00",
    "dateReserved": "2017-07-10T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-18582

CVE-2017-1000020 (GCVE-0-2017-1000020)

Tags

Sightings

Nomenclature