VAR-201003-0151
Vulnerability from variot - Updated: 2023-12-18 13:53UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. Energizer DUO is a fast USB charger. Energizer DUO has a security vulnerability in its implementation that could allow an attacker to list arbitrary directories, send and receive files, and execute arbitrary code. ----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
TITLE: Energizer DUO Charger Software Backdoor Security Issue
SECUNIA ADVISORY ID: SA38894
VERIFY ADVISORY: http://secunia.com/advisories/38894/
DESCRIPTION: A security issue has been reported in Energizer DUO Charger Software, which can be exploited by malicious people to compromise a vulnerable system.
The security issue is caused due to a backdoor (Arucer.dll) placed in the Windows system32 directory by the installer software. This can be exploited to e.g.
NOTE: The backdoor is configured to start automatically on system start.
SOLUTION: Uninstall the software and remove "Arucer.dll" from the Windows system32 directory.
PROVIDED AND/OR DISCOVERED BY: US-CERT credits Ed Schaller.
ORIGINAL ADVISORY: VU#154421: http://www.kb.cert.org/vuls/id/154421
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201003-0151",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "duo usb",
"scope": null,
"trust": 1.4,
"vendor": "energizer",
"version": null
},
{
"model": "duo usb",
"scope": "eq",
"trust": 1.0,
"vendor": "energizer",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "energizer",
"version": null
},
{
"model": "duo",
"scope": null,
"trust": 0.6,
"vendor": "energizer",
"version": null
},
{
"model": "duo",
"scope": "eq",
"trust": 0.3,
"vendor": "energizer",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "BID",
"id": "38571"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:energizer:duo_usb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0103"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ed Schaller",
"sources": [
{
"db": "BID",
"id": "38571"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
],
"trust": 0.9
},
"cve": "CVE-2010-0103",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-0103",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-3464",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-0103",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#154421",
"trust": 0.8,
"value": "2.09"
},
{
"author": "CNVD",
"id": "CNVD-2010-3464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201003-107",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. Energizer DUO is a fast USB charger. Energizer DUO has a security vulnerability in its implementation that could allow an attacker to list arbitrary directories, send and receive files, and execute arbitrary code. ----------------------------------------------------------------------\n\n\nUse WSUS to deploy 3rd party patches\n\nPublic BETA\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nEnergizer DUO Charger Software Backdoor Security Issue\n\nSECUNIA ADVISORY ID:\nSA38894\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38894/\n\nDESCRIPTION:\nA security issue has been reported in Energizer DUO Charger Software,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe security issue is caused due to a backdoor (Arucer.dll) placed in\nthe Windows system32 directory by the installer software. This can be\nexploited to e.g. \n\nNOTE: The backdoor is configured to start automatically on system\nstart. \n\nSOLUTION:\nUninstall the software and remove \"Arucer.dll\" from the Windows\nsystem32 directory. \n\nPROVIDED AND/OR DISCOVERED BY:\nUS-CERT credits Ed Schaller. \n\nORIGINAL ADVISORY:\nVU#154421:\nhttp://www.kb.cert.org/vuls/id/154421\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "BID",
"id": "38571"
},
{
"db": "PACKETSTORM",
"id": "87000"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#154421",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2010-0103",
"trust": 3.3
},
{
"db": "BID",
"id": "38571",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-3464",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "38894",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "87000",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "BID",
"id": "38571"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "PACKETSTORM",
"id": "87000"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"id": "VAR-201003-0151",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3464"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-3464"
}
]
},
"last_update_date": "2023-12-18T13:53:42.124000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.energizer.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/154421"
},
{
"trust": 2.4,
"url": "http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05"
},
{
"trust": 2.4,
"url": "http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/38571"
},
{
"trust": 0.8,
"url": "http://www.energizerrecharge.eu/en/range/chargers/usb"
},
{
"trust": 0.8,
"url": "http://www.threatexpert.com/report.aspx?md5=3f4f10b927677e45a495d0cdd4390aaf"
},
{
"trust": 0.8,
"url": "http://www.energizer.com/usbcharger/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0103"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0103"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/38571/info"
},
{
"trust": 0.3,
"url": "http://www.energizer.com/pages/default.aspx"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38894/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "BID",
"id": "38571"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "PACKETSTORM",
"id": "87000"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#154421"
},
{
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"db": "BID",
"id": "38571"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"db": "PACKETSTORM",
"id": "87000"
},
{
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-05T00:00:00",
"db": "CERT/CC",
"id": "VU#154421"
},
{
"date": "2010-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"date": "2010-03-05T00:00:00",
"db": "BID",
"id": "38571"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"date": "2010-03-08T17:00:32",
"db": "PACKETSTORM",
"id": "87000"
},
{
"date": "2010-03-10T20:13:02.667000",
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"date": "2010-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-15T00:00:00",
"db": "CERT/CC",
"id": "VU#154421"
},
{
"date": "2010-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-3464"
},
{
"date": "2010-03-18T15:22:00",
"db": "BID",
"id": "38571"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003768"
},
{
"date": "2010-03-10T20:13:02.667000",
"db": "NVD",
"id": "CVE-2010-0103"
},
{
"date": "2010-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Energizer DUO USB Battery Charger Unauthorized Access Vulnerability",
"sources": [
{
"db": "BID",
"id": "38571"
},
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201003-107"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…