cvelistv5 - cve-2018-17533

CVE-2018-17533 (GCVE-0-2018-17533)

Vulnerability from cvelistv5 – Published: 2018-10-15 19:00 – Updated: 2024-08-05 10:47

Summary

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/sbaresearch/advisories/tree/pu…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2018/Oct/29	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/149781/Telto…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:47:04.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
          },
          {
            "name": "20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
        },
        {
          "name": "20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting",
              "refsource": "MISC",
              "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
            },
            {
              "name": "20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
            },
            {
              "name": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-17533",
    "datePublished": "2018-10-15T19:00:00",
    "dateReserved": "2018-09-25T00:00:00",
    "dateUpdated": "2024-08-05T10:47:04.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.05.01.1\", \"matchCriteriaId\": \"FEA56908-9AED-4818-8590-F9746F2AE0DE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9D1E794-1212-43CC-BA30-551EE45FA646\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.05.01.1\", \"matchCriteriaId\": \"98B756CF-A203-4188-B3E5-4D7252C9520F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CE17C85-9A69-41FB-AB96-0DCAB72309A0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"00.05.01.1\", \"matchCriteriaId\": \"C8B54843-E70B-4B10-BBB3-C6BB34CADCB9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.\"}, {\"lang\": \"es\", \"value\": \"Los routers Teltonika RUT9XX con firmware en versiones anteriores a la 00.05.01.1 son propensos a vulnerabilidades Cross-Site Scripting (XSS) en hotspotlogin.cgi debido al saneamiento insuficiente de entradas de usuario.\"}]",
      "id": "CVE-2018-17533",
      "lastModified": "2024-11-21T03:54:33.783",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-10-15T19:29:01.837",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Oct/29\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Oct/29\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-17533\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-15T19:29:01.837\",\"lastModified\":\"2024-11-21T03:54:33.783\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.\"},{\"lang\":\"es\",\"value\":\"Los routers Teltonika RUT9XX con firmware en versiones anteriores a la 00.05.01.1 son propensos a vulnerabilidades Cross-Site Scripting (XSS) en hotspotlogin.cgi debido al saneamiento insuficiente de entradas de usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.05.01.1\",\"matchCriteriaId\":\"FEA56908-9AED-4818-8590-F9746F2AE0DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D1E794-1212-43CC-BA30-551EE45FA646\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.05.01.1\",\"matchCriteriaId\":\"98B756CF-A203-4188-B3E5-4D7252C9520F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CE17C85-9A69-41FB-AB96-0DCAB72309A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"00.05.01.1\",\"matchCriteriaId\":\"C8B54843-E70B-4B10-BBB3-C6BB34CADCB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Oct/29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Oct/29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

GHSA-W6C8-3QRX-3R8H

Vulnerability from github – Published: 2022-05-14 01:54 – Updated: 2022-05-14 01:54

Details

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-17533"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-15T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.",
  "id": "GHSA-w6c8-3qrx-3r8h",
  "modified": "2022-05-14T01:54:37Z",
  "published": "2022-05-14T01:54:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17533"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-17533

Vulnerability from fkie_nvd - Published: 2018-10-15 19:29 - Updated: 2024-11-21 03:54

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Oct/29	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Oct/29	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
teltonika	rut900_firmware	*
teltonika	rut900	-
teltonika	rut950_firmware	*
teltonika	rut950	-
teltonika	rut955_firmware	*
teltonika	rut955	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA56908-9AED-4818-8590-F9746F2AE0DE",
              "versionEndExcluding": "00.05.01.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D1E794-1212-43CC-BA30-551EE45FA646",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B756CF-A203-4188-B3E5-4D7252C9520F",
              "versionEndExcluding": "00.05.01.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8B54843-E70B-4B10-BBB3-C6BB34CADCB9",
              "versionEndExcluding": "00.05.01.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization."
    },
    {
      "lang": "es",
      "value": "Los routers Teltonika RUT9XX con firmware en versiones anteriores a la 00.05.01.1 son propensos a vulnerabilidades Cross-Site Scripting (XSS) en hotspotlogin.cgi debido al saneamiento insuficiente de entradas de usuario."
    }
  ],
  "id": "CVE-2018-17533",
  "lastModified": "2024-11-21T03:54:33.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-15T19:29:01.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-18495

Vulnerability from cnvd - Published: 2019-06-19

Title

Teltonika RUT9XX跨站脚本漏洞

Description

Teltonika RUT9XX routers (又称LuCI)是立陶宛Teltonika公司的一款路由器产品。固件版本低于00.05.01.1的Teltonika RUT9XX中的hotspotlogin.cgi存在跨站脚本漏洞，攻击者可利用该漏洞进行跨站脚本攻击。

Severity

中

Patch Name

Teltonika RUT9XX跨站脚本漏洞的补丁

Patch Description

Teltonika RUT9XX routers (又称LuCI)是立陶宛Teltonika公司的一款路由器产品。固件版本低于00.05.01.1的Teltonika RUT9XX中的hotspotlogin.cgi存在跨站脚本漏洞，攻击者可利用该漏洞进行跨站脚本攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://teltonika.lt/product/rut955/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-17533 https://www.exploitalert.com/view-details.html?id=31168

Impacted products

Name
Teltonika RUT9XX <00.05.01.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17533"
    }
  },
  "description": "Teltonika RUT9XX routers (\u53c8\u79f0LuCI)\u662f\u7acb\u9676\u5b9bTeltonika\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u4ea7\u54c1\u3002\n\n\u56fa\u4ef6\u7248\u672c\u4f4e\u4e8e00.05.01.1\u7684Teltonika RUT9XX\u4e2d\u7684hotspotlogin.cgi\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://teltonika.lt/product/rut955/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-18495",
  "openTime": "2019-06-19",
  "patchDescription": "Teltonika RUT9XX routers (\u53c8\u79f0LuCI)\u662f\u7acb\u9676\u5b9bTeltonika\u516c\u53f8\u7684\u4e00\u6b3e\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u56fa\u4ef6\u7248\u672c\u4f4e\u4e8e00.05.01.1\u7684Teltonika RUT9XX\u4e2d\u7684hotspotlogin.cgi\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Teltonika RUT9XX\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Teltonika RUT9XX \u003c00.05.01.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-17533\r\nhttps://www.exploitalert.com/view-details.html?id=31168",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-16",
  "title": "Teltonika RUT9XX\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

VAR-201810-0456

Vulnerability from variot - Updated: 2023-12-18 12:43

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania.

Identifier : SBA-ADV-20180410-01
Type of Vulnerability : Cross Site Scripting
Software/Product Name : Teltonika RUT955
Vendor : Teltonika
Affected Versions : Firmware RUT9XX_R_00.05.00.5 and probably prior
Fixed in Version : RUT9XX_R_00.05.01.1
CVE ID : CVE-2018-17533
CVSSv3 Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSSv3 Base Score : 8.2 (High)

Vendor Description

RUT955 is a highly reliable and secure LTE router with I/O, GNSS and RS232/RS485 for professional applications. Router delivers high performance, mission-critical cellular communication and GPS location capabilities.

Source: https://teltonika.lt/product/rut955/

Impact

By exploiting the documented vulnerabilities, an attacker can execute JavaScript code in a user's browser within the origin of the router. The attacker might take over existing or future administrative web management sessions and gain access to the device.

We recommend upgrading to version RUT9XX_R_00.05.01.1 or newer, which includes fixes for the vulnerabilities described in this advisory. The scripts are part of the coova-chilli captive portal. However, in firmware versions before RUT9XX_R_00.04.233 the vulnerabilities are exploitable regardless of the device configuration, even if no captive portal is configured.

More concretely, the following parameters are vulnerable:

/cgi-bin/hotspotlogin.cgi
If res=failed or res=notyet
- challenge
- uamip
- uamport
- userurl

The affected script outputs these input parameters in an HTML context without proper output encoding.

The vulnerabilities are located in hotspotlogin.cgi:

[...]
elseif result == 2 or result == 5 then
        replace_tags.formHeader = [[<form name="myForm" method="post" action="]] .. loginpath .. [[">
                        <INPUT TYPE="hidden" NAME="challenge" VALUE="]] .. challenge .. [[">
                        <INPUT TYPE="hidden" NAME="]] .. names["uamip"] .. [[" VALUE="]] .. uamip .. [[">
                        <INPUT TYPE="hidden" NAME="]] .. names["uamport"] .. [[" VALUE="]] .. uamport .. [[">
                        <INPUT TYPE="hidden" NAME="]] .. names["userurl"] .. [[" VALUE="]] ..userurldecode .. [[">
                        <INPUT TYPE="hidden" NAME="res" VALUE="]] .. res .. [[">]]
        replace_tags.formFooter = [[</form>]]
[...]

As the above code snippet shows, the parameter userurl contains user input and is output without performing any HTML escaping.

Proof-of-Concept

An attacker can exploit this vulnerability by manipulating the userurl query parameter:

http://<IP>/cgi-bin/hotspotlogin.cgi?res=failed&userurl="><script>alert(1)</script><span

An attacker can exploit the other parameters (e.g. challenge) via POST requests:

<form action="http://<IP>/cgi-bin/hotspotlogin.cgi" method="post" enctype="text/plain">
<input type="hidden" name="res" value="failed&challenge=&quot;><script>alert(1)</script><span&quot;">
<input type="submit" value="challenge">
</form>

Timeline

2018-04-10 identification of vulnerability in version RUT9XX_R_00.04.161
2018-04-16 re-test of version RUT9XX_R_00.04.172
2018-04-16 initial vendor contact through public address
2018-04-18 vendor response with security contact
2018-04-19 disclosed vulnerability to vendor security contact
2018-04-26 vendor released fix in version RUT9XX_R_00.04.233
2018-07-09 notify vendor about incomplete fix in version RUT9XX_R_00.05.00.5
2018-07-19 vendor released fix in version RUT9XX_R_00.05.01.1
2018-07-25 re-test of version RUT9XX_R_00.05.01.2
2018-09-25 request CVE from MITRE
2018-09-26 MITRE assigned CVE-2018-17533
2018-10-11 public disclosure

References

Firmware Changelog: https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware

Credits

David Gnedt (SBA Research)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rut900",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "teltonika",
        "version": "00.05.01.1"
      },
      {
        "model": "rut950",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "teltonika",
        "version": "00.05.01.1"
      },
      {
        "model": "rut955",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "teltonika",
        "version": "00.05.01.1"
      },
      {
        "model": "rut9xx",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "teltonika",
        "version": "00.05.01.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Gnedt",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149781"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-17533",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-17533",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2019-18495",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-17533",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-17533",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-18495",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-711",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. \n\n* **Identifier**            : SBA-ADV-20180410-01\n* **Type of Vulnerability** : Cross Site Scripting\n* **Software/Product Name** : [Teltonika RUT955](https://teltonika.lt/product/rut955/)\n* **Vendor**                : [Teltonika](https://teltonika.lt/)\n* **Affected Versions**     : Firmware RUT9XX_R_00.05.00.5 and probably prior\n* **Fixed in Version**      : RUT9XX_R_00.05.01.1\n* **CVE ID**                : CVE-2018-17533\n* **CVSSv3 Vector**         : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N\n* **CVSSv3 Base Score**     : 8.2 (High)\n\n## Vendor Description ##\n\n\u003e RUT955 is a highly reliable and secure LTE router with I/O, GNSS and\n\u003e RS232/RS485 for professional applications. Router delivers high\n\u003e performance, mission-critical cellular communication and GPS location\n\u003e capabilities. \n\nSource: \u003chttps://teltonika.lt/product/rut955/\u003e\n\n## Impact ##\n\nBy exploiting the documented vulnerabilities, an attacker can execute\nJavaScript code in a user\u0027s browser within the origin of the router. \nThe attacker might take over existing or future administrative web\nmanagement sessions and gain access to the device. \n\nWe recommend upgrading to version RUT9XX_R_00.05.01.1 or newer, which\nincludes fixes for the vulnerabilities described in this advisory. The scripts are part of\nthe coova-chilli captive portal. However, in firmware versions before\nRUT9XX_R_00.04.233 the vulnerabilities are exploitable regardless of\nthe device configuration, even if no captive portal is configured. \n\nMore concretely, the following parameters are vulnerable:\n\n* `/cgi-bin/hotspotlogin.cgi`\n  * *If* res=failed or res=notyet\n    * challenge\n    * uamip\n    * uamport\n    * userurl\n\nThe affected script outputs these input parameters in an HTML context\nwithout proper output encoding. \n\nThe vulnerabilities are located in `hotspotlogin.cgi`:\n\n```lua\n[...]\nelseif result == 2 or result == 5 then\n        replace_tags.formHeader = [[\u003cform name=\"myForm\" method=\"post\" action=\"]] .. loginpath .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"challenge\" VALUE=\"]] .. challenge .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"uamip\"] .. [[\" VALUE=\"]] .. uamip .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"uamport\"] .. [[\" VALUE=\"]] .. uamport .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"userurl\"] .. [[\" VALUE=\"]] ..userurldecode .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"res\" VALUE=\"]] .. res .. [[\"\u003e]]\n        replace_tags.formFooter = [[\u003c/form\u003e]]\n[...]\n```\n\nAs the above code snippet shows, the parameter `userurl` contains user\ninput and is output without performing any HTML escaping. \n\n## Proof-of-Concept ##\n\nAn attacker can exploit this vulnerability by manipulating the `userurl`\nquery parameter:\n\n```text\nhttp://\u003cIP\u003e/cgi-bin/hotspotlogin.cgi?res=failed\u0026userurl=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan\n```\n\nAn attacker can exploit the other parameters (e.g. challenge) via POST\nrequests:\n\n```html\n\u003cform action=\"http://\u003cIP\u003e/cgi-bin/hotspotlogin.cgi\" method=\"post\" enctype=\"text/plain\"\u003e\n\u003cinput type=\"hidden\" name=\"res\" value=\"failed\u0026challenge=\u0026quot;\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan\u0026quot;\"\u003e\n\u003cinput type=\"submit\" value=\"challenge\"\u003e\n\u003c/form\u003e\n```\n\n## Timeline ##\n\n* `2018-04-10` identification of vulnerability in version RUT9XX_R_00.04.161\n* `2018-04-16` re-test of version RUT9XX_R_00.04.172\n* `2018-04-16` initial vendor contact through public address\n* `2018-04-18` vendor response with security contact\n* `2018-04-19` disclosed vulnerability to vendor security contact\n* `2018-04-26` vendor released fix in version RUT9XX_R_00.04.233\n* `2018-07-09` notify vendor about incomplete fix in version RUT9XX_R_00.05.00.5\n* `2018-07-19` vendor released fix in version RUT9XX_R_00.05.01.1\n* `2018-07-25` re-test of version RUT9XX_R_00.05.01.2\n* `2018-09-25` request CVE from MITRE\n* `2018-09-26` MITRE assigned CVE-2018-17533\n* `2018-10-11` public disclosure\n\n## References ##\n\n* Firmware Changelog: \u003chttps://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware\u003e\n\n## Credits ##\n\n* David Gnedt ([SBA Research](https://www.sba-research.org/))\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "PACKETSTORM",
        "id": "149781"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-17533",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "149781",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053",
        "trust": 0.8
      },
      {
        "db": "EXPLOITALERT",
        "id": "31168",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "PACKETSTORM",
        "id": "149781"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "id": "VAR-201810-0456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:50.779000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://teltonika.lt/"
      },
      {
        "title": "Patch for TeltonikaRUT9XX Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/163897"
      },
      {
        "title": "Teltonika RUT9XX Repair measures for router cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85808"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/149781/teltonika-rut9xx-reflected-cross-site-scripting.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/sbaresearch/advisories/tree/public/2018/sba-adv-20180410-01_teltonika_cross_site_scripting"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2018/oct/29"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17533"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17533"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploitalert.com/view-details.html?id=31168"
      },
      {
        "trust": 0.1,
        "url": "https://teltonika.lt/)"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/cgi-bin/hotspotlogin.cgi?res=failed\u0026userurl=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan"
      },
      {
        "trust": 0.1,
        "url": "https://teltonika.lt/product/rut955/)"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/cgi-bin/hotspotlogin.cgi\""
      },
      {
        "trust": 0.1,
        "url": "https://teltonika.lt/product/rut955/\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://wiki.teltonika.lt/index.php?title=rut9xx_firmware\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.sba-research.org/))"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "PACKETSTORM",
        "id": "149781"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "db": "PACKETSTORM",
        "id": "149781"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "date": "2019-01-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "date": "2018-10-12T16:22:13",
        "db": "PACKETSTORM",
        "id": "149781"
      },
      {
        "date": "2018-10-15T19:29:01.837000",
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-18495"
      },
      {
        "date": "2019-01-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      },
      {
        "date": "2018-11-30T14:09:02.167000",
        "db": "NVD",
        "id": "CVE-2018-17533"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Teltonika RUT9XX Router firmware cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011053"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-711"
      }
    ],
    "trust": 0.7
  }
}

GSD-2018-17533

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Aliases

CVE-2018-17533

Aliases

CVE-2018-17533

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-17533",
    "description": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.",
    "id": "GSD-2018-17533",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-17533"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-17533"
      ],
      "details": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.",
      "id": "GSD-2018-17533",
      "modified": "2023-12-13T01:22:30.829679Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-17533",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting",
            "refsource": "MISC",
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
          },
          {
            "name": "20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
          },
          {
            "name": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "00.05.01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-17533"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting"
            },
            {
              "name": "20181011 [SBA-ADV-20180410-01] CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Oct/29"
            },
            {
              "name": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-11-30T14:09Z",
      "publishedDate": "2018-10-15T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-17533 (GCVE-0-2018-17533)

GHSA-W6C8-3QRX-3R8H

FKIE_CVE-2018-17533

CNVD-2019-18495

VAR-201810-0456

Vendor Description

Impact

Proof-of-Concept

Timeline

References

Credits

GSD-2018-17533

Tags

Sightings

Nomenclature