ID

VAR-201805-0795


CVE

CVE-2018-11477


TITLE

Vgate iCar 2 Wi-Fi OBD2 Dongle information disclosure vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005614

DESCRIPTION

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public. Vgate iCar 2 Wi-Fi OBD2 Dongle is a car fault detection device from the Chinese company Vgate Technology. An attacker could exploit this vulnerability to obtain all data transmitted by the car.

Trust: 1.71

sources: NVD: CVE-2018-11477 // JVNDB: JVNDB-2018-005614 // VULHUB: VHN-121340

IOT TAXONOMY

category: ['vehicle device'], sub_category: vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: vgate, model: icar 2 wi-fi obd2, scope: eq, version: -

Trust: 1.6

vendor: vgate, model: icar 2 wi-fi obd2, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-005614 // CNNVD: CNNVD-201805-999 // NVD: CVE-2018-11477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11477
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11477
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-999
value: MEDIUM

Trust: 0.6

VULHUB: VHN-121340
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-11477
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-121340
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11477
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121340 // JVNDB: JVNDB-2018-005614 // CNNVD: CNNVD-201805-999 // NVD: CVE-2018-11477

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-121340 // JVNDB: JVNDB-2018-005614 // NVD: CVE-2018-11477

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-999

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-999

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005614

PATCH

title: Top Page, url: http://www.vgate.com.cn/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-005614

EXTERNAL IDS

db: NVD, id: CVE-2018-11477

Trust: 2.6

db: JVNDB, id: JVNDB-2018-005614

Trust: 0.8

db: CNNVD, id: CNNVD-201805-999

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-121340

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121340 // JVNDB: JVNDB-2018-005614 // CNNVD: CNNVD-201805-999 // NVD: CVE-2018-11477

REFERENCES

url:http://seclists.org/fulldisclosure/2018/may/66

Trust: 2.5

url:https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11477

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11477

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121340 // JVNDB: JVNDB-2018-005614 // CNNVD: CNNVD-201805-999 // NVD: CVE-2018-11477

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-121340
db: JVNDB, id: JVNDB-2018-005614
db: CNNVD, id: CNNVD-201805-999
db: NVD, id: CVE-2018-11477

LAST UPDATE DATE

2025-01-30T20:15:45.757000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-121340, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-005614, date: 2018-07-24T00:00:00
db: CNNVD, id: CNNVD-201805-999, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-11477, date: 2024-11-21T03:43:26.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-121340, date: 2018-05-30T00:00:00
db: JVNDB, id: JVNDB-2018-005614, date: 2018-07-24T00:00:00
db: CNNVD, id: CNNVD-201805-999, date: 2018-05-31T00:00:00
db: NVD, id: CVE-2018-11477, date: 2018-05-30T21:29:00.473