ID

VAR-201801-1340


CVE

CVE-2018-3813


TITLE

Information disclosure vulnerability in FLIR Brickstream 2300 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-001266

DESCRIPTION

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. FLIR Brickstream 2300 devices contain an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). FLIR Brickstream 2300 is a customer flow analysis and statistics device made by FLIR, a company in Canada. An access control error vulnerability exists in the getConfigExportFile.cgi file in FLIR Brickstream 2300 version 2.0 4.1.53.166. An attacker could exploit this vulnerability to obtain information.

Trust: 1.71

sources: NVD: CVE-2018-3813 // JVNDB: JVNDB-2018-001266 // VULHUB: VHN-133844

AFFECTED PRODUCTS

vendor: flir, model: brickstream 2300 3d+, scope: eq, version: 2.0_4.1.53.166

Trust: 1.6

vendor: flir, model: brickstream 2300 2d, scope: eq, version: 2.0_4.1.53.166

Trust: 1.6

vendor: flir, model: brickstream 2300 3d, scope: eq, version: 2.0_4.1.53.166

Trust: 1.6

vendor: flir, model: brickstream 2300 2d, scope: eq, version: 2.0 4.1.53.166

Trust: 0.8

vendor: flir, model: brickstream 2300 3d, scope: eq, version: 2.0 4.1.53.166

Trust: 0.8

vendor: flir, model: brickstream 2300 3d+, scope: eq, version: 2.0 4.1.53.166

Trust: 0.8

sources: JVNDB: JVNDB-2018-001266 // CNNVD: CNNVD-201801-002 // NVD: CVE-2018-3813

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-3813
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-3813
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201801-002
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133844
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-3813
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133844
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-3813
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2018-001266 // CNNVD: CNNVD-201801-002 // NVD: CVE-2018-3813

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-79

Trust: 0.1

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2018-001266 // NVD: CVE-2018-3813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-002

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-002

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001266

PATCH

title: Top Page, url: http://www.brickstream.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-001266

EXTERNAL IDS

db: NVD, id: CVE-2018-3813

Trust: 2.5

db: JVNDB, id: JVNDB-2018-001266

Trust: 0.8

db: CNNVD, id: CNNVD-201801-002

Trust: 0.7

db: SEEBUG, id: SSVID-98151

Trust: 0.1

db: VULHUB, id: VHN-133844

Trust: 0.1

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2018-001266 // CNNVD: CNNVD-201801-002 // NVD: CVE-2018-3813

REFERENCES

url:http://misteralfa-hack.blogspot.cl/2018/01/brickstream-recuento-y-seguimiento-de.html

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3813

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-3813

Trust: 0.8

url:http://misteralfa-hack.blogspot.jp/2018/01/brickstream-recuento-y-seguimiento-de.html

Trust: 0.8

url:https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html

Trust: 0.1

sources: VULHUB: VHN-133844 // JVNDB: JVNDB-2018-001266 // CNNVD: CNNVD-201801-002 // NVD: CVE-2018-3813

SOURCES

db: VULHUB, id: VHN-133844
db: JVNDB, id: JVNDB-2018-001266
db: CNNVD, id: CNNVD-201801-002
db: NVD, id: CVE-2018-3813

LAST UPDATE DATE

2024-11-23T22:00:42.258000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-133844, date: 2020-01-15T00:00:00
db: JVNDB, id: JVNDB-2018-001266, date: 2018-02-05T00:00:00
db: CNNVD, id: CNNVD-201801-002, date: 2018-01-03T00:00:00
db: NVD, id: CVE-2018-3813, date: 2024-11-21T04:06:05.080

SOURCES RELEASE DATE

db: VULHUB, id: VHN-133844, date: 2020-01-13T00:00:00
db: JVNDB, id: JVNDB-2018-001266, date: 2018-02-05T00:00:00
db: CNNVD, id: CNNVD-201801-002, date: 2018-01-03T00:00:00
db: NVD, id: CVE-2018-3813, date: 2018-01-01T20:29:00.207