Sign-up

ID

VAR-201803-2029


CVE

CVE-2018-9162


TITLE

Contec Smart Home Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-004071

DESCRIPTION

Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. Contec Smart Home Is vulnerable to a lack of authentication for critical functions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Contec Smart Home is a smart home management system for managing connected smart home devices. There is a security vulnerability in Contec Smart Home version 4.15. The vulnerability stems from the fact that the program does not require authentication for the new_user.php, edit_user.php, delete_user.php and user.php files

Trust: 1.8

sources: NVD: CVE-2018-9162 // JVNDB: JVNDB-2018-004071 // VULHUB: VHN-139194 // VULMON: CVE-2018-9162

IOT TAXONOMY

category:['home & office device']sub_category:smart home device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:contec touchmodel:smart homescope:eqversion:4.15

Trust: 2.4

sources: JVNDB: JVNDB-2018-004071 // CNNVD: CNNVD-201804-010 // NVD: CVE-2018-9162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9162
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9162
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-010
value: HIGH

Trust: 0.6

VULHUB: VHN-139194
value: HIGH

Trust: 0.1

VULMON: CVE-2018-9162
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-139194
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9162
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139194 // VULMON: CVE-2018-9162 // JVNDB: JVNDB-2018-004071 // CNNVD: CNNVD-201804-010 // NVD: CVE-2018-9162

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-139194 // JVNDB: JVNDB-2018-004071 // NVD: CVE-2018-9162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-010

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-010

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004071

PATCH
title:Top Pageurl:http://www.contec-touch.com
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-004071

EXTERNAL IDS
db:NVDid:CVE-2018-9162
Trust: 2.7
db:EXPLOIT-DBid:44295
Trust: 2.6
db:JVNDBid:JVNDB-2018-004071
Trust: 0.8
db:CNNVDid:CNNVD-201804-010
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-139194
Trust: 0.1
db:VULMONid:CVE-2018-9162
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-139194 // 
            
            
            
            VULMON: CVE-2018-9162 // 
            
            
            
            JVNDB: JVNDB-2018-004071 // 
            
            
            
            CNNVD: CNNVD-201804-010 // 
            
            
            
            NVD: CVE-2018-9162

REFERENCES
url:https://www.exploit-db.com/exploits/44295/
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9162
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9162
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-139194 // 
            
            
            
            VULMON: CVE-2018-9162 // 
            
            
            
            JVNDB: JVNDB-2018-004071 // 
            
            
            
            CNNVD: CNNVD-201804-010 // 
            
            
            
            NVD: CVE-2018-9162

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-139194
db:VULMONid:CVE-2018-9162
db:JVNDBid:JVNDB-2018-004071
db:CNNVDid:CNNVD-201804-010
db:NVDid:CVE-2018-9162

LAST UPDATE DATE
2025-01-30T21:16:34.315000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139194date:2018-05-15T00:00:00
db:VULMONid:CVE-2018-9162date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-004071date:2018-06-11T00:00:00
db:CNNVDid:CNNVD-201804-010date:2018-04-03T00:00:00
db:NVDid:CVE-2018-9162date:2024-11-21T04:15:06.680

SOURCES RELEASE DATE
db:VULHUBid:VHN-139194date:2018-03-31T00:00:00
db:VULMONid:CVE-2018-9162date:2018-03-31T00:00:00
db:JVNDBid:JVNDB-2018-004071date:2018-06-11T00:00:00
db:CNNVDid:CNNVD-201804-010date:2018-03-31T00:00:00
db:NVDid:CVE-2018-9162date:2018-03-31T22:29:00.417