Sign-up

ID

VAR-201703-1382


TITLE

DBLTek GoIP 'dbladm' User Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-02725

DESCRIPTION

DBLTechnology is a manufacturer of communication equipment in Shenzhen. Its main products include GSM voice gateway, IP telephony gateway, enterprise-class softswitch, etc., which are mostly used by telephone companies and VoIP service providers. The DBLTekGoIP 'dbladm' user has an unauthorized access vulnerability. The attacker obtains sensitive information about the device by logging in \"ctlcmd\" and \"limitsh\" and accessing it with the user-configured administrator password, and obtaining a shell with root privileges on the affected device.

Trust: 0.6

sources: CNVD: CNVD-2017-02725

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02725

AFFECTED PRODUCTS

vendor:debolemodel:voip gsm gatewayscope: - version: -

Trust: 0.6

vendor:debolemodel:goipscope:eqversion:1

Trust: 0.6

vendor:debolemodel:goipscope:eqversion:4

Trust: 0.6

vendor:debolemodel:goipscope:eqversion:8

Trust: 0.6

vendor:debolemodel:goipscope:eqversion:16

Trust: 0.6

vendor:debolemodel:goipscope:eqversion:32

Trust: 0.6

sources: CNVD: CNVD-2017-02725

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-02725
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-02725
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-02725

EXTERNAL IDS

db:CNVDid:CNVD-2017-02725

Trust: 0.6

sources: CNVD: CNVD-2017-02725

REFERENCES

url:https://www.trustwave.com/resources/spiderlabs-blog/undocumented-backdoor-account-in-dbltek-goip/

Trust: 0.6

sources: CNVD: CNVD-2017-02725

SOURCES

db:CNVDid:CNVD-2017-02725

LAST UPDATE DATE

2022-05-04T09:29:41.225000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-02725date:2017-03-14T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-02725date:2017-03-14T00:00:00