Sign-up

ID

VAR-201805-0935


CVE

CVE-2018-9112


TITLE

Foxconn FEMTO AP-FC4064-T Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-005097

DESCRIPTION

A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies. Foxconn FEMTO AP-FC4064-T Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Foxconn FEMTO AP-FC4064-T is a home base station equipment manufactured by Foxconn. There is a security vulnerability in the web management page of Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15

Trust: 1.71

sources: NVD: CVE-2018-9112 // JVNDB: JVNDB-2018-005097 // VULHUB: VHN-139144

IOT TAXONOMY

category:['network device']sub_category:access point

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:foxconnmodel:ap-fc4064-tscope:eqversion:ap_gt_b38_5.8.3lb15-w47_lte

Trust: 1.6

vendor:foxconnmodel:femtocell femto ap-fc4064-tscope:eqversion:ap_gt_b38_5.8.3lb15-w47 lte build 15

Trust: 0.8

sources: JVNDB: JVNDB-2018-005097 // CNNVD: CNNVD-201805-356 // NVD: CVE-2018-9112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9112
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9112
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201805-356
value: HIGH

Trust: 0.6

VULHUB: VHN-139144
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139144
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139144 // JVNDB: JVNDB-2018-005097 // CNNVD: CNNVD-201805-356 // NVD: CVE-2018-9112

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-139144 // JVNDB: JVNDB-2018-005097 // NVD: CVE-2018-9112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-356

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-356

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005097

PATCH
title:Top Pageurl:http://www.foxconn.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005097

EXTERNAL IDS
db:NVDid:CVE-2018-9112
Trust: 2.6
db:JVNDBid:JVNDB-2018-005097
Trust: 0.8
db:CNNVDid:CNNVD-201805-356
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-139144
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-139144 // 
            
            
            
            JVNDB: JVNDB-2018-005097 // 
            
            
            
            CNNVD: CNNVD-201805-356 // 
            
            
            
            NVD: CVE-2018-9112

REFERENCES
url:https://gist.github.com/chuanyuan-huang/a92b8b32980123d5fa9bf5a8299114bf
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9112
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9112
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-139144 // 
            
            
            
            JVNDB: JVNDB-2018-005097 // 
            
            
            
            CNNVD: CNNVD-201805-356 // 
            
            
            
            NVD: CVE-2018-9112

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-139144
db:JVNDBid:JVNDB-2018-005097
db:CNNVDid:CNNVD-201805-356
db:NVDid:CVE-2018-9112

LAST UPDATE DATE
2025-01-30T21:09:40.469000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139144date:2018-06-18T00:00:00
db:JVNDBid:JVNDB-2018-005097date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-356date:2018-05-11T00:00:00
db:NVDid:CVE-2018-9112date:2024-11-21T04:14:59.297

SOURCES RELEASE DATE
db:VULHUBid:VHN-139144date:2018-05-10T00:00:00
db:JVNDBid:JVNDB-2018-005097date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-356date:2018-05-11T00:00:00
db:NVDid:CVE-2018-9112date:2018-05-10T03:29:00.513