Sign-up

ID

VAR-201804-1120


CVE

CVE-2018-1146


TITLE

Belkin N750 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-004170

DESCRIPTION

A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access. Belkin N750 Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. The Belkin N750 is a wireless router product. The Belkin N7501.10.22 version has a security flaw in its implementation

Trust: 2.25

sources: NVD: CVE-2018-1146 // JVNDB: JVNDB-2018-004170 // CNVD: CNVD-2018-09898 // VULHUB: VHN-121321

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09898

AFFECTED PRODUCTS

vendor:belkinmodel:n750scope:eqversion:1.10.22

Trust: 1.6

vendor:belkinmodel:play n750 db wireless dual-band n+ routerscope:eqversion:1.10.22

Trust: 0.8

vendor:belkinmodel:n750 f9k1110scope:eqversion:1.10.22

Trust: 0.6

sources: CNVD: CNVD-2018-09898 // JVNDB: JVNDB-2018-004170 // CNNVD: CNNVD-201804-1128 // NVD: CVE-2018-1146

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1146
value: HIGH

Trust: 1.0

NVD: CVE-2018-1146
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09898
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1128
value: HIGH

Trust: 0.6

VULHUB: VHN-121321
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1146
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2018-1146
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-09898
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121321
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1146
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2018-1146
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-09898 // VULHUB: VHN-121321 // JVNDB: JVNDB-2018-004170 // CNNVD: CNNVD-201804-1128 // NVD: CVE-2018-1146

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-121321 // JVNDB: JVNDB-2018-004170 // NVD: CVE-2018-1146

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1128

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201804-1128

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004170

PATCH
title:TRA-2018-08url:http://www.belkin.com/us/p/P-F9K1103/
Trust: 0.8
title:BelkinN750 is not authorized to access the patchurl:https://www.cnvd.org.cn/patchInfo/show/129649
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09898 // 
            
            
            
            JVNDB: JVNDB-2018-004170

EXTERNAL IDS
db:NVDid:CVE-2018-1146
Trust: 3.1
db:TENABLEid:TRA-2018-08
Trust: 2.5
db:JVNDBid:JVNDB-2018-004170
Trust: 0.8
db:CNVDid:CNVD-2018-09898
Trust: 0.6
db:CNNVDid:CNNVD-201804-1128
Trust: 0.6
db:VULHUBid:VHN-121321
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09898 // 
            
            
            
            VULHUB: VHN-121321 // 
            
            
            
            JVNDB: JVNDB-2018-004170 // 
            
            
            
            CNNVD: CNNVD-201804-1128 // 
            
            
            
            NVD: CVE-2018-1146

REFERENCES
url:https://www.tenable.com/security/research/tra-2018-08
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-1146
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1146
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-09898 // 
            
            
            
            VULHUB: VHN-121321 // 
            
            
            
            JVNDB: JVNDB-2018-004170 // 
            
            
            
            CNNVD: CNNVD-201804-1128 // 
            
            
            
            NVD: CVE-2018-1146

SOURCES
db:CNVDid:CNVD-2018-09898
db:VULHUBid:VHN-121321
db:JVNDBid:JVNDB-2018-004170
db:CNNVDid:CNNVD-201804-1128
db:NVDid:CVE-2018-1146

LAST UPDATE DATE
2024-11-23T22:12:33.340000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09898date:2018-05-21T00:00:00
db:VULHUBid:VHN-121321date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-004170date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201804-1128date:2019-10-23T00:00:00
db:NVDid:CVE-2018-1146date:2024-11-21T03:59:16.983

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09898date:2018-05-21T00:00:00
db:VULHUBid:VHN-121321date:2018-04-19T00:00:00
db:JVNDBid:JVNDB-2018-004170date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201804-1128date:2018-04-19T00:00:00
db:NVDid:CVE-2018-1146date:2018-04-19T13:29:00.403