Vulnerability-Lookup

CNVD-2018-20756

Vulnerability from cnvd - Published: 2018-10-12

Title

Intelbras NPLUG跨站请求伪造漏洞

Description

Intelbras NPLUG是波兰Intelbras公司的一款无线中继设备。 Intelbras NPLUG 1.0.0.14版本无线中继设备中的web接口存在跨站请求伪造漏洞。远程攻击者可利用该漏洞修改无线SSID、重启设备、编辑访问控制列表、或激活远程访问。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://www.intelbras.com.br/

Reference

http://seclists.org/fulldisclosure/2018/Oct/18

Impacted products

Name
Intelbras NPLUG 1.0.0.14

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12456"
    }
  },
  "description": "Intelbras NPLUG\u662f\u6ce2\u5170Intelbras\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u4e2d\u7ee7\u8bbe\u5907\u3002\r\n\r\nIntelbras NPLUG 1.0.0.14\u7248\u672c\u65e0\u7ebf\u4e2d\u7ee7\u8bbe\u5907\u4e2d\u7684web\u63a5\u53e3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4fee\u6539\u65e0\u7ebfSSID\u3001\u91cd\u542f\u8bbe\u5907\u3001\u7f16\u8f91\u8bbf\u95ee\u63a7\u5236\u5217\u8868\u3001\u6216\u6fc0\u6d3b\u8fdc\u7a0b\u8bbf\u95ee\u3002",
  "discovererName": "Patrick Costa",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.intelbras.com.br/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20756",
  "openTime": "2018-10-12",
  "products": {
    "product": "Intelbras NPLUG 1.0.0.14"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Oct/18",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-12",
  "title": "Intelbras NPLUG\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2018-12456 (GCVE-0-2018-12456)

Vulnerability from cvelistv5 – Published: 2018-10-10 21:00 – Updated: 2024-08-05 08:38

Summary

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://seclists.org/fulldisclosure/2018/Oct/18

mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:38:05.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Oct/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Oct/18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12456",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181008 Multiple vulnerabilities in NPLUG wireless repeater",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Oct/18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12456",
    "datePublished": "2018-10-10T21:00:00",
    "dateReserved": "2018-06-15T00:00:00",
    "dateUpdated": "2024-08-05T08:38:05.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-20756

CVE-2018-12456 (GCVE-0-2018-12456)

Tags

Sightings

Nomenclature