Details of VAR-201707-0398

ID

VAR-201707-0398

CVE

CVE-2017-11361

TITLE

Inteno In the router "user" Vulnerability to read files by account

Trust: 0.8

sources: JVNDB: JVNDB-2017-005971

DESCRIPTION

Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.). Intenorouters is a wireless router from IntenoBroadband Technologies of Sweden. A security vulnerability exists in the Inteno router that caused the program to fail to properly configure the JUCIACL

Trust: 2.25

sources: NVD: CVE-2017-11361 // JVNDB: JVNDB-2017-005971 // CNVD: CNVD-2017-25529 // VULHUB: VHN-101776

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-25529

AFFECTED PRODUCTS

vendor:	intenogroup	model:	inteno router	scope:	eq	version:	-	Trust: 1.6
vendor:	inteno	model:	router	scope:	-	version:	-	Trust: 0.8
vendor:	inteno	model:	routers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-25529 // JVNDB: JVNDB-2017-005971 // CNNVD: CNNVD-201707-693 // NVD: CVE-2017-11361

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11361
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-11361
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-25529
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201707-693
value:	HIGH
Trust: 0.6
VULHUB:	VHN-101776
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-11361
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-25529
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-101776
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-11361
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-25529 // VULHUB: VHN-101776 // JVNDB: JVNDB-2017-005971 // CNNVD: CNNVD-201707-693 // NVD: CVE-2017-11361

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-101776 // JVNDB: JVNDB-2017-005971 // NVD: CVE-2017-11361

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-693

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201707-693

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005971

PATCH

title:

Top Page

url:

https://www.intenogroup.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-005971

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11361	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-005971	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-693	Trust: 0.7
db:	CNVD	id:	CNVD-2017-25529	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-101776	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-25529 // VULHUB: VHN-101776 // JVNDB: JVNDB-2017-005971 // CNNVD: CNNVD-201707-693 // NVD: CVE-2017-11361

REFERENCES

url:	https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html	Trust: 3.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11361	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11361	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-25529 // VULHUB: VHN-101776 // JVNDB: JVNDB-2017-005971 // CNNVD: CNNVD-201707-693 // NVD: CVE-2017-11361

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2017-25529
db:	VULHUB	id:	VHN-101776
db:	JVNDB	id:	JVNDB-2017-005971
db:	CNNVD	id:	CNNVD-201707-693
db:	NVD	id:	CVE-2017-11361

LAST UPDATE DATE

2025-04-20T20:21:28.456000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-25529	date:	2017-09-07T00:00:00
db:	VULHUB	id:	VHN-101776	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-005971	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-693	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-11361	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-25529	date:	2017-09-07T00:00:00
db:	VULHUB	id:	VHN-101776	date:	2017-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2017-005971	date:	2017-08-14T00:00:00
db:	CNNVD	id:	CNNVD-201707-693	date:	2017-07-25T00:00:00
db:	NVD	id:	CVE-2017-11361	date:	2017-07-17T17:29:00.493