Sign-up

ID

VAR-201712-0792


CVE

CVE-2017-13664


TITLE

iSmartAlarm CubeOne Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010952

DESCRIPTION

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. iSmartAlarm CubeOne Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iSmartAlarm CubeOne is a smart home central control device produced by iSmartAlarm in the United States. There are security vulnerabilities in the firmware of iSmartAlarm CubeOne 2.2.4.8 and earlier versions

Trust: 1.71

sources: NVD: CVE-2017-13664 // JVNDB: JVNDB-2017-010952 // VULHUB: VHN-104309

AFFECTED PRODUCTS

vendor:ismartalarmmodel:cubeonescope:lteversion:2.2.4.8

Trust: 1.0

vendor:ismart alarmmodel:cubeonescope:lteversion:2.2.4.8

Trust: 0.8

vendor:ismartalarmmodel:cubeonescope:eqversion:2.2.4.8

Trust: 0.6

sources: JVNDB: JVNDB-2017-010952 // CNNVD: CNNVD-201708-1091 // NVD: CVE-2017-13664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13664
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-13664
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201708-1091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104309
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13664
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-104309
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13664
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104309 // JVNDB: JVNDB-2017-010952 // CNNVD: CNNVD-201708-1091 // NVD: CVE-2017-13664

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-104309 // JVNDB: JVNDB-2017-010952 // NVD: CVE-2017-13664

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1091

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-1091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010952

PATCH
title:CubeOneurl:https://www.ismartalarm.com/p/ISA00011/cubeone
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-010952

EXTERNAL IDS
db:NVDid:CVE-2017-13664
Trust: 2.5
db:JVNDBid:JVNDB-2017-010952
Trust: 0.8
db:CNNVDid:CNNVD-201708-1091
Trust: 0.7
db:VULHUBid:VHN-104309
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104309 // 
            
            
            
            JVNDB: JVNDB-2017-010952 // 
            
            
            
            CNNVD: CNNVD-201708-1091 // 
            
            
            
            NVD: CVE-2017-13664

REFERENCES
url:https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13664
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13664
Trust: 0.8
sources:
            
            
            VULHUB: VHN-104309 // 
            
            
            
            JVNDB: JVNDB-2017-010952 // 
            
            
            
            CNNVD: CNNVD-201708-1091 // 
            
            
            
            NVD: CVE-2017-13664

SOURCES
db:VULHUBid:VHN-104309
db:JVNDBid:JVNDB-2017-010952
db:CNNVDid:CNNVD-201708-1091
db:NVDid:CVE-2017-13664

LAST UPDATE DATE
2025-04-20T23:42:03.417000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104309date:2017-12-18T00:00:00
db:JVNDBid:JVNDB-2017-010952date:2017-12-27T00:00:00
db:CNNVDid:CNNVD-201708-1091date:2017-12-04T00:00:00
db:NVDid:CVE-2017-13664date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-104309date:2017-12-01T00:00:00
db:JVNDBid:JVNDB-2017-010952date:2017-12-27T00:00:00
db:CNNVDid:CNNVD-201708-1091date:2017-08-25T00:00:00
db:NVDid:CVE-2017-13664date:2017-12-01T17:29:00.277