Sign-up

ID

VAR-201710-0797


CVE

CVE-2017-14000


TITLE

Ctek SkyRouter Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 964483ce-3df4-4a34-9699-435e11647a62 // CNVD: CNVD-2017-27938

DESCRIPTION

An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. Ctek SkyRouter Series 4200 and 4400 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SkyRouter is a product of the Swedish CTEK company that manages wireless IP connections. Ctek SkyRouter is prone to an authentication-bypass vulnerability. This may lead to further attacks. Versions prior to ICtek SkyRouter 6.00.11 are vulnerable

Trust: 2.7

sources: NVD: CVE-2017-14000 // JVNDB: JVNDB-2017-009406 // CNVD: CNVD-2017-27938 // BID: 100953 // IVD: 964483ce-3df4-4a34-9699-435e11647a62 // VULHUB: VHN-104679

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 964483ce-3df4-4a34-9699-435e11647a62 // CNVD: CNVD-2017-27938

AFFECTED PRODUCTS

vendor:ctekproductsmodel:skyrouter z4200scope:lteversion:6.00.05

Trust: 1.0

vendor:ctekproductsmodel:skyrouter z4400scope:lteversion:6.00.05

Trust: 1.0

vendor:ctekmodel:skyrouter series 4400scope:eqversion:6.00.11

Trust: 0.8

vendor:ctekmodel:skyrouter series 4400scope:ltversion:all versions

Trust: 0.8

vendor:ctekmodel:skyrouter series 4200scope:eqversion:6.00.11

Trust: 0.8

vendor:ctekmodel:skyrouter series 4200scope:ltversion:all versions

Trust: 0.8

vendor:ctekmodel:skyrouter seriesscope:eqversion:4200<6.00.11

Trust: 0.6

vendor:ctekmodel:skyrouter seriesscope:eqversion:4400<6.00.11

Trust: 0.6

vendor:ctekproductsmodel:skyrouter z4400scope:eqversion:6.00.05

Trust: 0.6

vendor:ctekproductsmodel:skyrouter z4200scope:eqversion:6.00.05

Trust: 0.6

vendor:ctekmodel:skyrouterscope:eqversion:43000

Trust: 0.3

vendor:ctekmodel:skyrouterscope:eqversion:42000

Trust: 0.3

vendor:ctekmodel:skyrouterscope:neversion:43006.00.11

Trust: 0.3

vendor:ctekmodel:skyrouterscope:neversion:42006.00.11

Trust: 0.3

vendor:skyrouter z4200model: - scope:eqversion:*

Trust: 0.2

vendor:skyrouter z4400model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 964483ce-3df4-4a34-9699-435e11647a62 // CNVD: CNVD-2017-27938 // BID: 100953 // JVNDB: JVNDB-2017-009406 // CNNVD: CNNVD-201709-1091 // NVD: CVE-2017-14000

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14000
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14000
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-27938
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-1091
value: CRITICAL

Trust: 0.6

IVD: 964483ce-3df4-4a34-9699-435e11647a62
value: CRITICAL

Trust: 0.2

VULHUB: VHN-104679
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14000
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-27938
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 964483ce-3df4-4a34-9699-435e11647a62
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-104679
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14000
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 5.5
version: 3.0

Trust: 1.8

sources: IVD: 964483ce-3df4-4a34-9699-435e11647a62 // CNVD: CNVD-2017-27938 // VULHUB: VHN-104679 // JVNDB: JVNDB-2017-009406 // CNNVD: CNNVD-201709-1091 // NVD: CVE-2017-14000

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-104679 // JVNDB: JVNDB-2017-009406 // NVD: CVE-2017-14000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1091

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-1091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009406

PATCH
title:Top Pageurl:http://www.ctekproducts.com/
Trust: 0.8
title:CtekSkyRouter authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/102618
Trust: 0.6
title:Ctek SkyRouter Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75078
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-27938 // 
            
            
            
            JVNDB: JVNDB-2017-009406 // 
            
            
            
            CNNVD: CNNVD-201709-1091

EXTERNAL IDS
db:NVDid:CVE-2017-14000
Trust: 3.6
db:ICS CERTid:ICSA-17-264-02
Trust: 3.4
db:BIDid:100953
Trust: 2.0
db:CNNVDid:CNNVD-201709-1091
Trust: 0.9
db:CNVDid:CNVD-2017-27938
Trust: 0.8
db:JVNDBid:JVNDB-2017-009406
Trust: 0.8
db:IVDid:964483CE-3DF4-4A34-9699-435E11647A62
Trust: 0.2
db:VULHUBid:VHN-104679
Trust: 0.1
sources:
            
            
            IVD: 964483ce-3df4-4a34-9699-435e11647a62 // 
            
            
            
            CNVD: CNVD-2017-27938 // 
            
            
            
            VULHUB: VHN-104679 // 
            
            
            
            BID: 100953 // 
            
            
            
            JVNDB: JVNDB-2017-009406 // 
            
            
            
            CNNVD: CNNVD-201709-1091 // 
            
            
            
            NVD: CVE-2017-14000

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-264-02
Trust: 3.4
url:http://www.securityfocus.com/bid/100953
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14000
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14000
Trust: 0.8
url:http://www.ctekproducts.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-27938 // 
            
            
            
            VULHUB: VHN-104679 // 
            
            
            
            BID: 100953 // 
            
            
            
            JVNDB: JVNDB-2017-009406 // 
            
            
            
            CNNVD: CNNVD-201709-1091 // 
            
            
            
            NVD: CVE-2017-14000

CREDITS
Maxim Rupp
Trust: 0.9
sources:
            
            
            BID: 100953 // 
            
            
            
            CNNVD: CNNVD-201709-1091

SOURCES
db:IVDid:964483ce-3df4-4a34-9699-435e11647a62
db:CNVDid:CNVD-2017-27938
db:VULHUBid:VHN-104679
db:BIDid:100953
db:JVNDBid:JVNDB-2017-009406
db:CNNVDid:CNNVD-201709-1091
db:NVDid:CVE-2017-14000

LAST UPDATE DATE
2025-04-20T23:04:07.512000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-27938date:2017-09-22T00:00:00
db:VULHUBid:VHN-104679date:2019-10-09T00:00:00
db:BIDid:100953date:2017-09-21T00:00:00
db:JVNDBid:JVNDB-2017-009406date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201709-1091date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14000date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:964483ce-3df4-4a34-9699-435e11647a62date:2017-09-22T00:00:00
db:CNVDid:CNVD-2017-27938date:2017-09-22T00:00:00
db:VULHUBid:VHN-104679date:2017-10-05T00:00:00
db:BIDid:100953date:2017-09-21T00:00:00
db:JVNDBid:JVNDB-2017-009406date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201709-1091date:2017-09-26T00:00:00
db:NVDid:CVE-2017-14000date:2017-10-05T01:29:05.273