ID

VAR-201801-1644


CVE

CVE-2018-5720


TITLE

DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-03369 // CNNVD: CNNVD-201801-1069

DESCRIPTION

An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc. The DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender device contains a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend is a wireless signal expander from DODOCOOL, Hong Kong, China.

Trust: 2.34

sources: NVD: CVE-2018-5720 // JVNDB: JVNDB-2018-001757 // CNVD: CNVD-2018-03369 // VULHUB: VHN-135752 // VULMON: CVE-2018-5720

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

category: ['network device'], sub_category: Wi-Fi range extender

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-03369

AFFECTED PRODUCTS

vendor: dodocool, model: dc38, scope: eq, version: rtn2-aw.gd.r3465.1.20161103

Trust: 2.4

vendor: dodocool, model: dc38 3-in-1 n300 mini wireless range extend rtn2-aw.gd.r3465.1.20161103, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-03369 // JVNDB: JVNDB-2018-001757 // CNNVD: CNNVD-201801-1069 // NVD: CVE-2018-5720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5720
value: HIGH

Trust: 1.0

NVD: CVE-2018-5720
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-03369
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-1069
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135752
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5720
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5720
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03369
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135752
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5720
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03369 // VULHUB: VHN-135752 // VULMON: CVE-2018-5720 // JVNDB: JVNDB-2018-001757 // CNNVD: CNNVD-201801-1069 // NVD: CVE-2018-5720

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-135752 // JVNDB: JVNDB-2018-001757 // NVD: CVE-2018-5720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-1069

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201801-1069

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001757

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135752 // VULMON: CVE-2018-5720

PATCH

title: DC38, url: https://www.dodocool.com/p-dc38weu.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-001757

EXTERNAL IDS

db: NVD, id: CVE-2018-5720

Trust: 3.3

db: EXPLOIT-DB, id: 43898

Trust: 3.2

db: JVNDB, id: JVNDB-2018-001757

Trust: 0.8

db: CNNVD, id: CNNVD-201801-1069

Trust: 0.7

db: CNVD, id: CNVD-2018-03369

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: PACKETSTORM, id: 146138

Trust: 0.1

db: VULHUB, id: VHN-135752

Trust: 0.1

db: VULMON, id: CVE-2018-5720

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-03369 // VULHUB: VHN-135752 // VULMON: CVE-2018-5720 // JVNDB: JVNDB-2018-001757 // CNNVD: CNNVD-201801-1069 // NVD: CVE-2018-5720

REFERENCES

url: https://www.exploit-db.com/exploits/43898/

Trust: 3.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5720

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-5720

Trust: 0.8

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url: https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-03369 // VULHUB: VHN-135752 // VULMON: CVE-2018-5720 // JVNDB: JVNDB-2018-001757 // CNNVD: CNNVD-201801-1069 // NVD: CVE-2018-5720

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2018-03369
db: VULHUB, id: VHN-135752
db: VULMON, id: CVE-2018-5720
db: JVNDB, id: JVNDB-2018-001757
db: CNNVD, id: CNNVD-201801-1069
db: NVD, id: CVE-2018-5720

LAST UPDATE DATE

2025-01-30T20:52:14.082000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-03369, date: 2018-02-23T00:00:00
db: VULHUB, id: VHN-135752, date: 2018-02-21T00:00:00
db: VULMON, id: CVE-2018-5720, date: 2018-02-21T00:00:00
db: JVNDB, id: JVNDB-2018-001757, date: 2018-03-06T00:00:00
db: CNNVD, id: CNNVD-201801-1069, date: 2018-01-30T00:00:00
db: NVD, id: CVE-2018-5720, date: 2024-11-21T04:09:14.603

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-03369, date: 2018-02-23T00:00:00
db: VULHUB, id: VHN-135752, date: 2018-01-29T00:00:00
db: VULMON, id: CVE-2018-5720, date: 2018-01-29T00:00:00
db: JVNDB, id: JVNDB-2018-001757, date: 2018-03-06T00:00:00
db: CNNVD, id: CNNVD-201801-1069, date: 2018-01-30T00:00:00
db: NVD, id: CVE-2018-5720, date: 2018-01-29T05:29:00.340