Sign-up

ID

VAR-201805-0804


CVE

CVE-2018-11315


TITLE

Radio Thermostat CT50 and CT80 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005394

DESCRIPTION

The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. Radio Thermostat CT50 and CT80 Contains an input validation vulnerability.Information may be tampered with. Radio Thermostat CT50 and CT80 are touch screen thermostat products of American Radio Thermostat Company. This product manages heating and cooling systems in homes. Local HTTP API is one of the local HTTP interfaces

Trust: 1.71

sources: NVD: CVE-2018-11315 // JVNDB: JVNDB-2018-005394 // VULHUB: VHN-121162

AFFECTED PRODUCTS

vendor:radiothermostatmodel:ct80scope:lteversion:1.04.84

Trust: 1.0

vendor:radiothermostatmodel:ct50scope:lteversion:1.04.84

Trust: 1.0

vendor:radio thermostat of americamodel:ct50scope:lteversion:1.04.84

Trust: 0.8

vendor:radio thermostat of americamodel:ct80scope:lteversion:1.04.84

Trust: 0.8

vendor:radiothermostatmodel:ct80scope:eqversion:1.04.84

Trust: 0.6

vendor:radiothermostatmodel:ct50scope:eqversion:1.04.84

Trust: 0.6

sources: JVNDB: JVNDB-2018-005394 // CNNVD: CNNVD-201805-638 // NVD: CVE-2018-11315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11315
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11315
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-638
value: LOW

Trust: 0.6

VULHUB: VHN-121162
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-11315
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-121162
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11315
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121162 // JVNDB: JVNDB-2018-005394 // CNNVD: CNNVD-201805-638 // NVD: CVE-2018-11315

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-121162 // JVNDB: JVNDB-2018-005394 // NVD: CVE-2018-11315

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201805-638

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201805-638

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005394

PATCH
title:Top Pageurl:http://www.radiothermostat.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005394

EXTERNAL IDS
db:NVDid:CVE-2018-11315
Trust: 2.5
db:JVNDBid:JVNDB-2018-005394
Trust: 0.8
db:CNNVDid:CNNVD-201805-638
Trust: 0.7
db:VULHUBid:VHN-121162
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121162 // 
            
            
            
            JVNDB: JVNDB-2018-005394 // 
            
            
            
            CNNVD: CNNVD-201805-638 // 
            
            
            
            NVD: CVE-2018-11315

REFERENCES
url:https://github.com/brannondorsey/radio-thermostat
Trust: 2.5
url:https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability
Trust: 1.1
url:https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11315
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11315
Trust: 0.8
url:https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121162 // 
            
            
            
            JVNDB: JVNDB-2018-005394 // 
            
            
            
            CNNVD: CNNVD-201805-638 // 
            
            
            
            NVD: CVE-2018-11315

SOURCES
db:VULHUBid:VHN-121162
db:JVNDBid:JVNDB-2018-005394
db:CNNVDid:CNNVD-201805-638
db:NVDid:CVE-2018-11315

LAST UPDATE DATE
2024-11-23T22:06:50.074000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121162date:2018-07-04T00:00:00
db:JVNDBid:JVNDB-2018-005394date:2018-07-13T00:00:00
db:CNNVDid:CNNVD-201805-638date:2018-05-21T00:00:00
db:NVDid:CVE-2018-11315date:2024-11-21T03:43:07.153

SOURCES RELEASE DATE
db:VULHUBid:VHN-121162date:2018-05-20T00:00:00
db:JVNDBid:JVNDB-2018-005394date:2018-07-13T00:00:00
db:CNNVDid:CNNVD-201805-638date:2018-05-21T00:00:00
db:NVDid:CVE-2018-11315date:2018-05-20T13:29:00.273