Sign-up

ID

VAR-201803-1969


CVE

CVE-2018-9031


TITLE

TNLSoftSolutions Sentry Vision Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-003576

DESCRIPTION

The login interface on TNLSoftSolutions Sentry Vision 3.x devices provides password disclosure by reading an "if(pwd ==" line in the HTML source code. This means, in effect, that authentication occurs only on the client side. TNLSoftSolutions Sentry Vision The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TNLSoftSolutionsSentry is a network camera device from TNLSoftSolutions, USA. A security vulnerability exists in the login page in TNLSoftSolutionsSentry 3.x

Trust: 2.16

sources: NVD: CVE-2018-9031 // JVNDB: JVNDB-2018-003576 // CNVD: CNVD-2018-08101

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08101

AFFECTED PRODUCTS

vendor:tnlsoftsolutionsmodel:sentry visionscope:eqversion:3.1

Trust: 1.6

vendor:tnlsoftsolutionsmodel:sentry visionscope:eqversion:3.2

Trust: 1.6

vendor:tnlsoftsolutionsmodel:sentry visionscope:eqversion:3.0

Trust: 1.6

vendor:tnlsoftsolutionsmodel:sentry visionscope:eqversion:3.x

Trust: 0.8

vendor:tnlsoftsolutionsmodel:sentryscope:eqversion:3.x

Trust: 0.6

sources: CNVD: CNVD-2018-08101 // JVNDB: JVNDB-2018-003576 // CNNVD: CNNVD-201803-1127 // NVD: CVE-2018-9031

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9031
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9031
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-08101
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-1127
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-9031
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08101
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-9031
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08101 // JVNDB: JVNDB-2018-003576 // CNNVD: CNNVD-201803-1127 // NVD: CVE-2018-9031

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2018-003576 // NVD: CVE-2018-9031

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1127

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-1127

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003576

EXTERNAL IDS
db:NVDid:CVE-2018-9031
Trust: 3.0
db:JVNDBid:JVNDB-2018-003576
Trust: 0.8
db:CNVDid:CNVD-2018-08101
Trust: 0.6
db:CNNVDid:CNNVD-201803-1127
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08101 // 
            
            
            
            JVNDB: JVNDB-2018-003576 // 
            
            
            
            CNNVD: CNNVD-201803-1127 // 
            
            
            
            NVD: CVE-2018-9031

REFERENCES
url:https://gist.github.com/pabloonicarres/c2c284ca7b025d629da39087445ed15d#file-sentryvision_authentication_bypass-sh
Trust: 2.4
url:https://www.youtube.com/watch?v=plmh9vgprco
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9031
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9031
Trust: 0.8
url:https://gist.github.com/pabloonicarres/c2c284ca7b025d629da39087445ed15d#file
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08101 // 
            
            
            
            JVNDB: JVNDB-2018-003576 // 
            
            
            
            CNNVD: CNNVD-201803-1127 // 
            
            
            
            NVD: CVE-2018-9031

SOURCES
db:CNVDid:CNVD-2018-08101
db:JVNDBid:JVNDB-2018-003576
db:CNNVDid:CNNVD-201803-1127
db:NVDid:CVE-2018-9031

LAST UPDATE DATE
2024-11-23T22:55:55.328000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08101date:2018-04-23T00:00:00
db:JVNDBid:JVNDB-2018-003576date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-1127date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9031date:2024-11-21T04:14:49.337

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08101date:2018-04-23T00:00:00
db:JVNDBid:JVNDB-2018-003576date:2018-05-28T00:00:00
db:CNNVDid:CNNVD-201803-1127date:2018-03-30T00:00:00
db:NVDid:CVE-2018-9031date:2018-03-29T16:29:00.207