ID
CVE
TITLE
Intelbras TELEFONE IP Path traversal vulnerability
sources:
JVNDB: JVNDB-2018-003418
DESCRIPTION
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. Intelbras TELEFONE IP Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasTELEFONEIPTIP200/200LITE is an IP phone product from Intelbras of Brazil. A security vulnerability exists in the IntelbrasTELEFONEIPTIP200/200LITE60.0.75.29 release. A remote attacker can exploit this vulnerability to read arbitrary files by sending a \342\200\230page\342\200\231 parameter to the /cgi-bin/cgiServer.exx file
sources:
NVD: CVE-2018-9010 //
JVNDB: JVNDB-2018-003418 //
CNVD: CNVD-2018-07709 //
VULHUB: VHN-139042
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | |
sources:
CNVD: CNVD-2018-07709
AFFECTED PRODUCTS
| vendor: | intelbras | model: | telefone ip | scope: | eq | version: | 60.0.75.29 | |
| vendor: | intelbras | model: | tip200 | scope: | eq | version: | 60.0.75.29 | |
| vendor: | intelbras | model: | tip200lite | scope: | eq | version: | 60.0.75.29 | |
| vendor: | intelbras | model: | telefone ip tip200/200 lite | scope: | eq | version: | 60.0.75.29 | |
sources:
CNVD: CNVD-2018-07709 //
JVNDB: JVNDB-2018-003418 //
CNNVD: CNNVD-201803-846 //
NVD: CVE-2018-9010
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| nvd@nist.gov: | CVE-2018-9010 | |
|
| value: | HIGH | | | NVD: | CVE-2018-9010 | |
|
| value: | CRITICAL | | | CNVD: | CNVD-2018-07709 | |
|
| value: | MEDIUM | | | CNNVD: | CNNVD-201803-846 | |
|
| value: | HIGH | | | VULHUB: | VHN-139042 | |
|
| value: | MEDIUM | |
| | nvd@nist.gov: | CVE-2018-9010 | |
|
| severity: | MEDIUM | | baseScore: | 4.0 | | vectorString: | AV:N/AC:L/AU:S/C:P/I:N/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | SINGLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | NONE | | availabilityImpact: | NONE | | exploitabilityScore: | 8.0 | | impactScore: | 2.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | NVD: | CVE-2018-9010 | |
|
| severity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:N/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | NONE | | availabilityImpact: | NONE | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | CNVD: | CNVD-2018-07709 | |
|
| severity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:N/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | NONE | | availabilityImpact: | NONE | | exploitabilityScore: | 10.0 | | impactScore: | 2.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | VULHUB: | VHN-139042 | |
|
| severity: | MEDIUM | | baseScore: | 5.0 | | vectorString: | AV:N/AC:L/AU:N/C:P/I:N/A:N | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | NONE | | confidentialityImpact: | PARTIAL | | integrityImpact: | NONE | | availabilityImpact: | NONE | | exploitabilityScore: | 10.0 | | impactScore: | 2.9 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | nvd@nist.gov: | CVE-2018-9010 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.2 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 1.2 | | impactScore: | 5.9 | | version: | 3.1 | | | NVD: | CVE-2018-9010 | |
|
| baseSeverity: | CRITICAL | | baseScore: | 9.8 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | NONE | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
CNVD: CNVD-2018-07709 //
VULHUB: VHN-139042 //
JVNDB: JVNDB-2018-003418 //
CNNVD: CNNVD-201803-846 //
NVD: CVE-2018-9010
PROBLEMTYPE DATA
sources:
VULHUB: VHN-139042 //
JVNDB: JVNDB-2018-003418 //
NVD: CVE-2018-9010
THREAT TYPE
sources:
CNNVD: CNNVD-201803-846
TYPE
sources:
CNNVD: CNNVD-201803-846
CONFIGURATIONS
sources:
JVNDB: JVNDB-2018-003418
PATCH
| title: | Telefone IP | url: | http://www.intelbras.com.br/sites/default/files/downloads/lamina_tip-200-lite_e_tip-200.pdf | |
sources:
JVNDB: JVNDB-2018-003418
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-9010 | |
| db: | EXPLOIT-DB | id: | 44317 | |
| db: | JVNDB | id: | JVNDB-2018-003418 | |
| db: | CNNVD | id: | CNNVD-201803-846 | |
| db: | CNVD | id: | CNVD-2018-07709 | |
| db: | VULHUB | id: | VHN-139042 | |
sources:
CNVD: CNVD-2018-07709 //
VULHUB: VHN-139042 //
JVNDB: JVNDB-2018-003418 //
CNNVD: CNNVD-201803-846 //
NVD: CVE-2018-9010
REFERENCES
| url: | https://www.exploit-db.com/exploits/44317/ | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-9010 | |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9010 | |
sources:
CNVD: CNVD-2018-07709 //
VULHUB: VHN-139042 //
JVNDB: JVNDB-2018-003418 //
CNNVD: CNNVD-201803-846 //
NVD: CVE-2018-9010
SOURCES
| db: | CNVD | id: | CNVD-2018-07709 |
| db: | VULHUB | id: | VHN-139042 |
| db: | JVNDB | id: | JVNDB-2018-003418 |
| db: | CNNVD | id: | CNNVD-201803-846 |
| db: | NVD | id: | CVE-2018-9010 |
LAST UPDATE DATE
2024-11-23T22:41:53.528000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-07709 | date: | 2018-04-16T00:00:00 |
| db: | VULHUB | id: | VHN-139042 | date: | 2018-04-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-003418 | date: | 2018-05-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201803-846 | date: | 2021-09-10T00:00:00 |
| db: | NVD | id: | CVE-2018-9010 | date: | 2024-11-21T04:14:47.080 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-07709 | date: | 2018-04-16T00:00:00 |
| db: | VULHUB | id: | VHN-139042 | date: | 2018-03-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-003418 | date: | 2018-05-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201803-846 | date: | 2018-03-26T00:00:00 |
| db: | NVD | id: | CVE-2018-9010 | date: | 2018-03-25T18:29:00.207 |
