ID

VAR-201803-2173


CVE

CVE-2018-7473


TITLE

SO Connect SO WIFI Hot spot Web Open redirect vulnerability in interface

Trust: 0.8

sources: JVNDB: JVNDB-2018-002707

DESCRIPTION

Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. SOConnectSOWIFIhotspot is a Wi-Fi hotspot device. Webinterface which is a web management interface. An open redirect vulnerability exists in the SOConnectSOWIFIhotspotwebinterface 137 release

Trust: 2.25

sources: NVD: CVE-2018-7473 // JVNDB: JVNDB-2018-002707 // CNVD: CNVD-2018-06098 // VULHUB: VHN-137505

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06098

AFFECTED PRODUCTS

vendor:soconnectmodel:sowifi hotspotscope:eqversion:140

Trust: 1.0

vendor:so connectmodel:wifiscope:ltversion:140

Trust: 0.8

vendor:somodel:connect so wifi hotspotscope:eqversion:137

Trust: 0.6

vendor:sowifimodel:connect so wifi hotspotscope:eqversion:140

Trust: 0.6

sources: CNVD: CNVD-2018-06098 // JVNDB: JVNDB-2018-002707 // CNNVD: CNNVD-201803-195 // NVD: CVE-2018-7473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7473
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7473
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-06098
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-195
value: MEDIUM

Trust: 0.6

VULHUB: VHN-137505
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7473
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06098
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-137505
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7473
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2018-7473
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-06098 // VULHUB: VHN-137505 // JVNDB: JVNDB-2018-002707 // CNNVD: CNNVD-201803-195 // NVD: CVE-2018-7473

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-137505 // JVNDB: JVNDB-2018-002707 // NVD: CVE-2018-7473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-195

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201803-195

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002707

PATCH

title:Top Pageurl:https://sowifi.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-002707

EXTERNAL IDS

db:NVDid:CVE-2018-7473

Trust: 3.1

db:JVNDBid:JVNDB-2018-002707

Trust: 0.8

db:CNVDid:CNVD-2018-06098

Trust: 0.6

db:CNNVDid:CNNVD-201803-195

Trust: 0.6

db:VULHUBid:VHN-137505

Trust: 0.1

sources: CNVD: CNVD-2018-06098 // VULHUB: VHN-137505 // JVNDB: JVNDB-2018-002707 // CNNVD: CNNVD-201803-195 // NVD: CVE-2018-7473

REFERENCES

url:https://blog.redyops.com/cve-2018-7473-open-url-redirection-vulnerability/

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7473

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7473

Trust: 0.8

sources: CNVD: CNVD-2018-06098 // VULHUB: VHN-137505 // JVNDB: JVNDB-2018-002707 // CNNVD: CNNVD-201803-195 // NVD: CVE-2018-7473

SOURCES

db:CNVDid:CNVD-2018-06098
db:VULHUBid:VHN-137505
db:JVNDBid:JVNDB-2018-002707
db:CNNVDid:CNNVD-201803-195
db:NVDid:CVE-2018-7473

LAST UPDATE DATE

2024-11-23T22:41:53.369000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-06098date:2018-03-23T00:00:00
db:VULHUBid:VHN-137505date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-002707date:2018-04-25T00:00:00
db:CNNVDid:CNNVD-201803-195date:2021-09-10T00:00:00
db:NVDid:CVE-2018-7473date:2024-11-21T04:12:11.910

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-06098date:2018-03-23T00:00:00
db:VULHUBid:VHN-137505date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002707date:2018-04-25T00:00:00
db:CNNVDid:CNNVD-201803-195date:2018-03-08T00:00:00
db:NVDid:CVE-2018-7473date:2018-03-07T15:29:00.337