Sign-up

ID

VAR-201711-1239


TITLE

Information Disclosure Vulnerability in Flying Fish Star VE602W + Router

Trust: 0.6

sources: CNVD: CNVD-2017-35720

DESCRIPTION

Flying Fish Star VE602W + is a new Internet behavior management router developed by Chengdu Flying Fish Star Technology Development Co., Ltd. There is an information disclosure vulnerability in the Flying Fish Star VE602W + router. The vulnerability is caused by the leak of the flying fish star VE602W + router administrator password hash. After the attacker uses the vulnerability to crack the hash to log in to the router, he can execute arbitrary shell commands through the unfiltered PING_HOSTIP parameter and obtain the telnet and ssh login account passwords.

Trust: 0.6

sources: CNVD: CNVD-2017-35720

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35720

AFFECTED PRODUCTS

vendor:feiyuxingmodel:ve602w build-a3w1038scope:eqversion:+

Trust: 0.6

sources: CNVD: CNVD-2017-35720

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-35720
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-35720
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-35720

PATCH

title:Flying Fish Star VE602W + router has multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/103460

Trust: 0.6

sources: CNVD: CNVD-2017-35720

EXTERNAL IDS

db:CNVDid:CNVD-2017-35720

Trust: 0.6

sources: CNVD: CNVD-2017-35720

SOURCES

db:CNVDid:CNVD-2017-35720

LAST UPDATE DATE

2022-05-04T10:19:20.440000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-35720date:2017-12-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-35720date:2017-11-20T00:00:00