ID

VAR-201805-0261


CVE

CVE-2018-10544


TITLE

Meross MSS110 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004938

DESCRIPTION

Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. Meross MSS110 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Meross MSS110 is a smart WiFi socket device produced by China Meross Technology Company. There are security vulnerabilities in Meross MSS110 1.1.24 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service or obtain information

Trust: 1.71

sources: NVD: CVE-2018-10544 // JVNDB: JVNDB-2018-004938 // VULHUB: VHN-120314

AFFECTED PRODUCTS

vendor:merossmodel:mss110scope:lteversion:1.1.24

Trust: 1.8

vendor:merossmodel:mss110scope:eqversion:1.1.24

Trust: 0.6

sources: JVNDB: JVNDB-2018-004938 // CNNVD: CNNVD-201805-130 // NVD: CVE-2018-10544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10544
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10544
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-130
value: MEDIUM

Trust: 0.6

VULHUB: VHN-120314
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10544
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120314
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10544
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120314 // JVNDB: JVNDB-2018-004938 // CNNVD: CNNVD-201805-130 // NVD: CVE-2018-10544

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-120314 // JVNDB: JVNDB-2018-004938 // NVD: CVE-2018-10544

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-130

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-130

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004938

PATCH

title:Smart WiFi Plug Miniurl:http://meross.com/products/home_automation/smart_wi_fi_plug/12.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-004938

EXTERNAL IDS

db:NVDid:CVE-2018-10544

Trust: 2.5

db:JVNDBid:JVNDB-2018-004938

Trust: 0.8

db:CNNVDid:CNNVD-201805-130

Trust: 0.7

db:VULHUBid:VHN-120314

Trust: 0.1

sources: VULHUB: VHN-120314 // JVNDB: JVNDB-2018-004938 // CNNVD: CNNVD-201805-130 // NVD: CVE-2018-10544

REFERENCES

url:https://garrettmiller.github.io/meross-mss110-vuln/

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10544

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-10544

Trust: 0.8

sources: VULHUB: VHN-120314 // JVNDB: JVNDB-2018-004938 // CNNVD: CNNVD-201805-130 // NVD: CVE-2018-10544

SOURCES

db:VULHUBid:VHN-120314
db:JVNDBid:JVNDB-2018-004938
db:CNNVDid:CNNVD-201805-130
db:NVDid:CVE-2018-10544

LAST UPDATE DATE

2024-11-23T22:59:00.081000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-120314date:2018-06-13T00:00:00
db:JVNDBid:JVNDB-2018-004938date:2018-07-02T00:00:00
db:CNNVDid:CNNVD-201805-130date:2018-05-03T00:00:00
db:NVDid:CVE-2018-10544date:2024-11-21T03:41:31.900

SOURCES RELEASE DATE

db:VULHUBid:VHN-120314date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004938date:2018-07-02T00:00:00
db:CNNVDid:CNNVD-201805-130date:2018-05-03T00:00:00
db:NVDid:CVE-2018-10544date:2018-05-02T07:29:00.243