Sign-up

ID

VAR-201711-1237


TITLE

Login bypass bypass vulnerability exists in a number of Ali Smart routers

Trust: 0.6

sources: CNVD: CNVD-2017-32764

DESCRIPTION

Touchcloud os is the only intelligent routing os adopted by Alibaba. All Alibaba smart routers use Touchcloud firmware programs and can be controlled using the Ali smart app. A number of Ali smart routers have login bypass bypass vulnerabilities. Attackers can use the loopholes to bypass the login interface and obtain administrator rights.

Trust: 0.6

sources: CNVD: CNVD-2017-32764

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32764

AFFECTED PRODUCTS

vendor:touch cloudmodel:osscope:ltversion:9.26

Trust: 0.6

sources: CNVD: CNVD-2017-32764

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-32764
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-32764
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-32764

PATCH

title:Touch Cloud OS has login bypass vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/103011

Trust: 0.6

sources: CNVD: CNVD-2017-32764

EXTERNAL IDS

db:CNVDid:CNVD-2017-32764

Trust: 0.6

sources: CNVD: CNVD-2017-32764

SOURCES

db:CNVDid:CNVD-2017-32764

LAST UPDATE DATE

2022-05-04T09:56:42.885000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-32764date:2019-05-07T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-32764date:2017-11-11T00:00:00