Details of VAR-201710-1445

ID

VAR-201710-1445

TITLE

China Mobile and routing app have ftp backdoor vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-27725

DESCRIPTION

China Mobile and Routing APP is a mobile phone supporting service software for He · Routing. China Mobile and routing APP have ftp backdoor vulnerability. The vulnerability is caused by the ftp account password being written into the application, An attacker can use the vulnerability to obtain ftp account information, log in to the route to obtain information about its stored files, and further use it to log in to telnet.

Trust: 0.6

sources: CNVD: CNVD-2017-27725

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-27725

AFFECTED PRODUCTS

vendor:

mobile

model:

and routing app

scope:

version:

v1.3.4

Trust: 0.6

sources: CNVD: CNVD-2017-27725

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-27725
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-27725
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-27725

PATCH

title:

China Mobile and routing app have telnet and ftp backdoor vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/101531

Trust: 0.6

sources: CNVD: CNVD-2017-27725

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-27725

Trust: 0.6

sources: CNVD: CNVD-2017-27725

SOURCES

db:

CNVD

id:

CNVD-2017-27725

LAST UPDATE DATE

2022-05-04T08:55:38.083000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-27725

date:

2017-10-02T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-27725

date:

2017-10-18T00:00:00