Details of VAR-201703-1354

ID

VAR-201703-1354

CVE

CVE-2017-6896

TITLE

DIGISOL DG-HR1400 Elevated privilege vulnerability in wireless router

Trust: 0.8

sources: JVNDB: JVNDB-2017-002268

DESCRIPTION

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value. The DIGISOLDG-HR1400 is a wireless router. There is an elevation of privilege vulnerability in DIGISOLDG-HR1400. DIGISOL DG-HR1400 is a wireless broadband home router produced by DIGISOL SYSTEMS in India

Trust: 2.25

sources: NVD: CVE-2017-6896 // JVNDB: JVNDB-2017-002268 // CNVD: CNVD-2017-03690 // VULHUB: VHN-115099

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-03690

AFFECTED PRODUCTS

vendor:	digisol	model:	dg-hr1400 router	scope:	eq	version:	1.00.02	Trust: 1.6
vendor:	smartlink network	model:	digisol dg-hr1400	scope:	-	version:	-	Trust: 0.8
vendor:	smartlink network	model:	digisol dg-hr1400	scope:	eq	version:	1.00.02	Trust: 0.8
vendor:	digisol	model:	dg-hr1400	scope:	eq	version:	1.00.02	Trust: 0.6

sources: CNVD: CNVD-2017-03690 // JVNDB: JVNDB-2017-002268 // CNNVD: CNNVD-201703-580 // NVD: CVE-2017-6896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6896
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6896
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-03690
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-580
value:	HIGH
Trust: 0.6
VULHUB:	VHN-115099
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6896
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-03690
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-115099
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6896
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-03690 // VULHUB: VHN-115099 // JVNDB: JVNDB-2017-002268 // CNNVD: CNNVD-201703-580 // NVD: CVE-2017-6896

PROBLEMTYPE DATA

problemtype:	CWE-565	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-115099 // JVNDB: JVNDB-2017-002268 // NVD: CVE-2017-6896

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-580

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201703-580

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002268

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115099

PATCH

title:

DG-HR1400

url:

http://wifi.digisol.com/datasheets/DG-HR1400.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2017-002268

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6896	Trust: 3.1
db:	EXPLOIT-DB	id:	41633	Trust: 2.3
db:	PACKETSTORM	id:	141693	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-002268	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-580	Trust: 0.7
db:	CNVD	id:	CNVD-2017-03690	Trust: 0.6
db:	VULHUB	id:	VHN-115099	Trust: 0.1

sources: CNVD: CNVD-2017-03690 // VULHUB: VHN-115099 // JVNDB: JVNDB-2017-002268 // CNNVD: CNNVD-201703-580 // NVD: CVE-2017-6896

REFERENCES

url:	https://www.indrajithan.com/digisol_router_previlage_escaltion	Trust: 2.5
url:	https://www.exploit-db.com/exploits/41633/	Trust: 2.3
url:	http://seclists.org/fulldisclosure/2017/mar/52	Trust: 1.7
url:	https://drive.google.com/file/d/0b6715xuqh18mx29urlpasvj4ota/view?usp=sharing	Trust: 1.7
url:	https://packetstormsecurity.com/files/141693/digisol-escalate.txt	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6896	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6896	Trust: 0.8

sources: CNVD: CNVD-2017-03690 // VULHUB: VHN-115099 // JVNDB: JVNDB-2017-002268 // CNNVD: CNNVD-201703-580 // NVD: CVE-2017-6896

SOURCES

db:	CNVD	id:	CNVD-2017-03690
db:	VULHUB	id:	VHN-115099
db:	JVNDB	id:	JVNDB-2017-002268
db:	CNNVD	id:	CNNVD-201703-580
db:	NVD	id:	CVE-2017-6896

LAST UPDATE DATE

2025-04-20T23:33:00.291000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-03690	date:	2017-03-30T00:00:00
db:	VULHUB	id:	VHN-115099	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-002268	date:	2017-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201703-580	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6896	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-03690	date:	2017-03-30T00:00:00
db:	VULHUB	id:	VHN-115099	date:	2017-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2017-002268	date:	2017-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201703-580	date:	2017-03-16T00:00:00
db:	NVD	id:	CVE-2017-6896	date:	2017-03-14T20:59:00.167