Sign-up

ID

VAR-201407-0712


TITLE

MTS MBlaze Ultra Wi-Fi ZTE AC3633 Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 68806 // CNNVD: CNNVD-201407-538

DESCRIPTION

MTS MBlaze Ultra Wi-Fi ZTE AC3633 is a wireless modem. MTS MBlaze Ultra Wi-Fi ZTE AC3633 has a cross-site request forgery vulnerability, a security bypass vulnerability, an authentication bypass vulnerability, and an information disclosure vulnerability. A remote attacker could use these vulnerabilities to perform administrator actions, obtain sensitive information, bypass certain security restrictions, or gain access to affected devices. Other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2014-04553 // CNNVD: CNNVD-201407-538 // BID: 68806

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04553

AFFECTED PRODUCTS

vendor:mtsmodel:mblaze ultra wi-fi zte ac3633scope: - version: -

Trust: 0.6

vendor:mtsmodel:mblaze ultra 3g plus wi-fi donglescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2014-04553 // BID: 68806

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-04553
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-04553
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-04553

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-538

TYPE

Design Error

Trust: 0.3

sources: BID: 68806

EXTERNAL IDS

db:BIDid:68806

Trust: 1.5

db:CNVDid:CNVD-2014-04553

Trust: 0.6

db:CNNVDid:CNNVD-201407-538

Trust: 0.6

sources: CNVD: CNVD-2014-04553 // BID: 68806 // CNNVD: CNNVD-201407-538

REFERENCES

url:http://www.securityfocus.com/bid/68806

Trust: 1.2

url:http://opensecurity.in/mts-mblaze-ultra-wi-fi-zte-ac3633-exploit/

Trust: 0.3

url:http://www.thinkofus.in/index.php?route=product/product&product_id=209

Trust: 0.3

url:https://github.com/ajinabraham/poc/blob/master/mts%20mblaze%20ultra%20wi-fi_zte%20ac3633%20exploit.py

Trust: 0.3

sources: CNVD: CNVD-2014-04553 // BID: 68806 // CNNVD: CNNVD-201407-538

CREDITS

Ajin Abraham

Trust: 0.9

sources: BID: 68806 // CNNVD: CNNVD-201407-538

SOURCES

db:CNVDid:CNVD-2014-04553
db:BIDid:68806
db:CNNVDid:CNNVD-201407-538

LAST UPDATE DATE

2022-05-17T01:51:09.782000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-04553date:2014-07-24T00:00:00
db:BIDid:68806date:2014-07-21T00:00:00
db:CNNVDid:CNNVD-201407-538date:2014-07-23T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-04553date:2014-07-24T00:00:00
db:BIDid:68806date:2014-07-21T00:00:00
db:CNNVDid:CNNVD-201407-538date:2014-07-23T00:00:00