ID

VAR-201802-1191


CVE

CVE-2018-6827


TITLE

VOBOT CLOCK Device validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002125

DESCRIPTION

VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. The VOBOT CLOCK device contains a certificate validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Vobot Clock is a smart bedside alarm clock with Amazon Alexa, Sleep Coach and Daily Routine programs. An information disclosure vulnerability exists in versions prior to VOBOT CLOCK 0.99.30. The vulnerability is caused by the Vobot firmware not verifying the certificate of the web service it connects to. An attacker could exploit this vulnerability for a TLS man-in-the-middle attack to gain sensitive information and execute arbitrary code.

Trust: 2.16

sources: NVD: CVE-2018-6827 // JVNDB: JVNDB-2018-002125 // CNVD: CNVD-2018-03786

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03786

AFFECTED PRODUCTS

vendor: omninova, model: vobot, scope: lt, version: 0.99.30

Trust: 1.8

vendor: vobot, model: clock, scope: lt, version: 0.99.30

Trust: 0.6

sources: CNVD: CNVD-2018-03786 // JVNDB: JVNDB-2018-002125 // NVD: CVE-2018-6827

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-6827
value: HIGH

Trust: 1.0

NVD: CVE-2018-6827
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-03786
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201802-344
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-6827
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03786
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2018-6827
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03786 // JVNDB: JVNDB-2018-002125 // CNNVD: CNNVD-201802-344 // NVD: CVE-2018-6827

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.8

sources: JVNDB: JVNDB-2018-002125 // NVD: CVE-2018-6827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-344

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201802-344

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002125

PATCH

title: VOBOT CLOCK, url: https://getvobot.com/clock

Trust: 0.8

title: Patch for VobotClock Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/119219

Trust: 0.6

title: VOBOT CLOCK Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78439

Trust: 0.6

sources: CNVD: CNVD-2018-03786 // JVNDB: JVNDB-2018-002125 // CNNVD: CNNVD-201802-344

EXTERNAL IDS

db: NVD, id: CVE-2018-6827

Trust: 3.0

db: JVNDB, id: JVNDB-2018-002125

Trust: 0.8

db: CNVD, id: CNVD-2018-03786

Trust: 0.6

db: CNNVD, id: CNNVD-201802-344

Trust: 0.6

sources: CNVD: CNVD-2018-03786 // JVNDB: JVNDB-2018-002125 // CNNVD: CNNVD-201802-344 // NVD: CVE-2018-6827

REFERENCES

url: http://stacksmashing.net/cve-2018-6827.html

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2018-6827

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6827

Trust: 0.8

sources: CNVD: CNVD-2018-03786 // JVNDB: JVNDB-2018-002125 // CNNVD: CNNVD-201802-344 // NVD: CVE-2018-6827

SOURCES

db: CNVD, id: CNVD-2018-03786
db: JVNDB, id: JVNDB-2018-002125
db: CNNVD, id: CNNVD-201802-344
db: NVD, id: CVE-2018-6827

LAST UPDATE DATE

2024-11-23T22:41:58.184000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-03786, date: 2018-02-28T00:00:00
db: JVNDB, id: JVNDB-2018-002125, date: 2018-03-26T00:00:00
db: CNNVD, id: CNNVD-201802-344, date: 2018-02-11T00:00:00
db: NVD, id: CVE-2018-6827, date: 2024-11-21T04:11:15.270

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-03786, date: 2018-02-28T00:00:00
db: JVNDB, id: JVNDB-2018-002125, date: 2018-03-26T00:00:00
db: CNNVD, id: CNNVD-201802-344, date: 2018-02-11T00:00:00
db: NVD, id: CVE-2018-6827, date: 2018-02-09T15:29:00.300