Sign-up

ID

VAR-201705-4198


TITLE

Multiple Vulnerabilities in CERIO DT-100G-N/DT-300N/CW-300N

Trust: 0.6

sources: CNVD: CNVD-2017-07719

DESCRIPTION

The CERIODT-100G-N/DT-300N/CW-300N is a wireless router product from CERIO. The CERIODT-100G-N/DT-300N/CW-300N has hard-coded and default credentials, information leaks, command injection, and backdoor vulnerabilities. Allows the restricted shell to be escaped to the root shell via the 'pekcmd' binary. Since all processes are running as root, an attacker can put the hard-coded string stored in it into the root shell. CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home environments. Another key hardware function of DT-300N A4 is its PoE Bridging feature, which allows subsequent devices to be powered through DT-300N A4's LAN port. This reduces device cabling and allows for more convenient deployment. DT-300N A4 utilizes a 533Mhz high power CPU base with 11n 2x2 transmission rates of 300Mbps. This powerful device can produce high level performance across multiple rooms or large spaces such as offices, schools, businesses and residential areas. DT-300N A4 is suitable for both indoor and outdoor deployment, and utilizes an IPX6 weatherproof housing. The DT-300N A4 hardware equipped with to bundles Cerio CenOS 5.0 Software Core. CenOS 5.0 devices can use integrated management functions of Control Access Point (CAP Mode) to manage an AP network.Cerio Wireless Access Point and Router suffers fromseveral vulnerabilities including: hard-coded and defaultcredentials, information disclosure, command injection andhidden backdoors that allows escaping the restricted shellinto a root shell via the 'pekcmd' binary. Thepekcmd shell has several hidden functionalities for enablingan advanced menu and modifying MAC settings as well as easilyescapable regex function for shell characters.Tested on: Cenwell Linux 802.11bgn MIMO Wireless AP(AR9341)RALINK(R) Cen-CPE-N5H2 (Access Point)CenOS 5.0/4.0/3.0Hydra/0.1.8

Trust: 0.63

sources: CNVD: CNVD-2017-07719 // ZSL: ZSL-2017-5409

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07719

AFFECTED PRODUCTS

vendor:ceriomodel:kozumi?scope:eqversion:v1.1.1

Trust: 0.6

vendor:ceriomodel:cw-300n (fw: cen-cpe-n2h10ascope:eqversion:)v1.0.22

Trust: 0.6

vendor:ceriomodel:dt-300n (fw: cen-cpe-n2h10ascope:eqversion:)v1.1.6

Trust: 0.6

vendor:ceriomodel:dt-300n (fw: cen-cpe-n2h10ascope:eqversion:)v1.0.14

Trust: 0.6

vendor:ceriomodel:dt-100g-n (fw: cen-wr-g2h5scope:eqversion:)v1.0.6

Trust: 0.6

vendor:ceriomodel:11nbgscope:eqversion:dt-100g-n (fw: cen-wr-g2h5 v1.0.6)

Trust: 0.1

vendor:ceriomodel:11nbgscope:eqversion:dt-300n (fw: cen-cpe-n2h10a v1.0.14)

Trust: 0.1

vendor:ceriomodel:11nbgscope:eqversion:dt-300n (fw: cen-cpe-n2h10a v1.1.6)

Trust: 0.1

vendor:ceriomodel:11nbgscope:eqversion:cw-300n (fw: cen-cpe-n2h10a v1.0.22)

Trust: 0.1

vendor:ceriomodel:11nbgscope:eqversion:kozumi? (fw: cen-cpe-n5h5r v1.1.1)

Trust: 0.1

sources: ZSL: ZSL-2017-5409 // CNVD: CNVD-2017-07719

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-07719
value: HIGH

Trust: 0.6

ZSL: ZSL-2017-5409
value: (5/5)

Trust: 0.1

CNVD: CNVD-2017-07719
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: ZSL: ZSL-2017-5409 // CNVD: CNVD-2017-07719

TYPE

Local/Remote,System Access

Trust: 0.1

sources: ZSL: ZSL-2017-5409

EXPLOIT AVAILABILITY

sources:
            
            
            ZSL: ZSL-2017-5409

EXTERNAL IDS
db:EXPLOIT-DBid:42079
Trust: 0.7
db:ZSLid:ZSL-2017-5409
Trust: 0.7
db:EXPLOITDBid:42079
Trust: 0.6
db:CNVDid:CNVD-2017-07719
Trust: 0.6
db:PACKETSTORMid:142730
Trust: 0.1
db:CXSECURITYid:WLB-2017050217
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2017-5409 // 
            
            
            
            CNVD: CNVD-2017-07719

REFERENCES
url:https://www.exploit-db.com/exploits/42079/
Trust: 0.7
url:http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5409.php
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2017050217
Trust: 0.1
url:https://packetstormsecurity.com/files/142730
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/127195
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2017-5409 // 
            
            
            
            CNVD: CNVD-2017-07719

CREDITS
Vulnerability discovered by Gjoko Krstic
Trust: 0.1
sources:
            
            
            ZSL: ZSL-2017-5409

SOURCES
db:ZSLid:ZSL-2017-5409
db:CNVDid:CNVD-2017-07719

LAST UPDATE DATE
2022-10-19T22:40:03.350000+00:00

SOURCES UPDATE DATE
db:ZSLid:ZSL-2017-5409date:2017-08-02T00:00:00
db:CNVDid:CNVD-2017-07719date:2017-05-31T00:00:00

SOURCES RELEASE DATE
db:ZSLid:ZSL-2017-5409date:2017-05-28T00:00:00
db:CNVDid:CNVD-2017-07719date:2017-05-31T00:00:00