Sign-up

ID

VAR-201707-0949


CVE

CVE-2017-6530


TITLE

Televes COAXDATA GATEWAY 1Gbps Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-005941

DESCRIPTION

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. Televes COAXDATA GATEWAY 1Gbps The device password.shtml There is a vulnerability related to certificate / password management because authentication is not checked.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TelevesCOAXDATAGATEWAY1Gbpsdevices is a wireless router device from Televes, Spain. A security vulnerability exists in the TelevesCOAXDATAGATEWAY 1Gbps device due to lack of access control and detection on the client side. An attacker could use this vulnerability to change the password of an administrator user

Trust: 2.25

sources: NVD: CVE-2017-6530 // JVNDB: JVNDB-2017-005941 // CNVD: CNVD-2017-18521 // VULHUB: VHN-114733

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-18521

AFFECTED PRODUCTS

vendor:televesmodel:coaxdata gateway 1gbpsscope:eqversion:1.02.0014_4.20

Trust: 1.6

vendor:televesmodel:coaxdata gateway 1gbpsscope: - version: -

Trust: 0.8

vendor:televesmodel:coaxdata gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-18521 // JVNDB: JVNDB-2017-005941 // CNNVD: CNNVD-201703-329 // NVD: CVE-2017-6530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6530
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6530
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-18521
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-329
value: CRITICAL

Trust: 0.6

VULHUB: VHN-114733
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6530
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-18521
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6530
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-18521 // VULHUB: VHN-114733 // JVNDB: JVNDB-2017-005941 // CNNVD: CNNVD-201703-329 // NVD: CVE-2017-6530

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-114733 // JVNDB: JVNDB-2017-005941 // NVD: CVE-2017-6530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-329

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201703-329

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005941

PATCH
title:COAXDATA GATEWAY 1Gbpsurl:http://www.televes.es/es/producto/coaxdata-gateway-1gbps
Trust: 0.8
title:Patch for any password change vulnerability in TelevesCOAXDATAGATEWAY1Gbps deviceurl:https://www.cnvd.org.cn/patchInfo/show/99419
Trust: 0.6
title:Televes COAXDATA GATEWAY 1Gbps Fixes for device trust management vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99672
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-18521 // 
            
            
            
            JVNDB: JVNDB-2017-005941 // 
            
            
            
            CNNVD: CNNVD-201703-329

EXTERNAL IDS
db:NVDid:CVE-2017-6530
Trust: 3.2
db:JVNDBid:JVNDB-2017-005941
Trust: 0.8
db:CNNVDid:CNNVD-201703-329
Trust: 0.7
db:CNVDid:CNVD-2017-18521
Trust: 0.6
db:PACKETSTORMid:143430
Trust: 0.2
db:VULHUBid:VHN-114733
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-18521 // 
            
            
            
            VULHUB: VHN-114733 // 
            
            
            
            JVNDB: JVNDB-2017-005941 // 
            
            
            
            PACKETSTORM: 143430 // 
            
            
            
            CNNVD: CNNVD-201703-329 // 
            
            
            
            NVD: CVE-2017-6530

REFERENCES
url:https://www.tarlogic.com/advisories/televes_coaxdata_gateway_en.txt
Trust: 3.1
url:https://www.tarlogic.com/advisories/televes_coaxdata_gateway_es.txt
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-6530
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6530
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6532
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-6531
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-18521 // 
            
            
            
            VULHUB: VHN-114733 // 
            
            
            
            JVNDB: JVNDB-2017-005941 // 
            
            
            
            PACKETSTORM: 143430 // 
            
            
            
            CNNVD: CNNVD-201703-329 // 
            
            
            
            NVD: CVE-2017-6530

CREDITS
Pedro Andujar
Trust: 0.1
sources:
            
            
            PACKETSTORM: 143430

SOURCES
db:CNVDid:CNVD-2017-18521
db:VULHUBid:VHN-114733
db:JVNDBid:JVNDB-2017-005941
db:PACKETSTORMid:143430
db:CNNVDid:CNNVD-201703-329
db:NVDid:CVE-2017-6530

LAST UPDATE DATE
2025-04-20T23:13:03.052000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-18521date:2017-08-03T00:00:00
db:VULHUBid:VHN-114733date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-005941date:2017-08-10T00:00:00
db:CNNVDid:CNNVD-201703-329date:2019-10-23T00:00:00
db:NVDid:CVE-2017-6530date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-18521date:2017-08-02T00:00:00
db:VULHUBid:VHN-114733date:2017-07-20T00:00:00
db:JVNDBid:JVNDB-2017-005941date:2017-08-10T00:00:00
db:PACKETSTORMid:143430date:2017-07-21T19:53:07
db:CNNVDid:CNNVD-201703-329date:2017-03-09T00:00:00
db:NVDid:CVE-2017-6530date:2017-07-20T13:29:00.247