ID

VAR-201807-0761


CVE

CVE-2018-11491


TITLE

ASUS HG100 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-008457

DESCRIPTION

ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. ASUS HG100 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSHG100 is a home intelligence monitoring device from ASUS. A command execution vulnerability exists in ASUSHG100 using firmware prior to 1.05.12. A remote attacker can exploit the vulnerability to execute commands

Trust: 2.25

sources: NVD: CVE-2018-11491 // JVNDB: JVNDB-2018-008457 // CNVD: CNVD-2018-17185 // VULMON: CVE-2018-11491

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-17185

AFFECTED PRODUCTS

vendor:asusmodel:hg100scope:ltversion:1.05.12

Trust: 1.0

vendor:asustek computermodel:hg100scope:ltversion:1.05.12

Trust: 0.8

vendor:asusmodel:hg100scope:eqversion:1.05.12

Trust: 0.6

sources: CNVD: CNVD-2018-17185 // JVNDB: JVNDB-2018-008457 // NVD: CVE-2018-11491

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11491
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11491
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-17185
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-1849
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-11491
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11491
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-17185
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-11491
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-17185 // VULMON: CVE-2018-11491 // JVNDB: JVNDB-2018-008457 // CNNVD: CNNVD-201807-1849 // NVD: CVE-2018-11491

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-008457 // NVD: CVE-2018-11491

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1849

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201807-1849

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008457

PATCH

title:SmartHome Gateway HG100: Security Updateurl:https://www.asus.com/tw/News/qnEosWKPVDpmOeqL

Trust: 0.8

title:ASUSHG100 command to execute a patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/139109

Trust: 0.6

title:ASUS HG100 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82627

Trust: 0.6

sources: CNVD: CNVD-2018-17185 // JVNDB: JVNDB-2018-008457 // CNNVD: CNNVD-201807-1849

EXTERNAL IDS

db:NVDid:CVE-2018-11491

Trust: 3.1

db:JVNDBid:JVNDB-2018-008457

Trust: 0.8

db:CNVDid:CNVD-2018-17185

Trust: 0.6

db:NSFOCUSid:40568

Trust: 0.6

db:CNNVDid:CNNVD-201807-1849

Trust: 0.6

db:VULMONid:CVE-2018-11491

Trust: 0.1

sources: CNVD: CNVD-2018-17185 // VULMON: CVE-2018-11491 // JVNDB: JVNDB-2018-008457 // CNNVD: CNNVD-201807-1849 // NVD: CVE-2018-11491

REFERENCES

url:https://www.asus.com/tw/news/qneoswkpvdpmoeql

Trust: 2.3

url:https://mars-cheng.github.io/blog/2018/cve-2018-11491/

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11491

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11491

Trust: 0.8

url:http://www.nsfocus.net/vulndb/40568

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-17185 // VULMON: CVE-2018-11491 // JVNDB: JVNDB-2018-008457 // CNNVD: CNNVD-201807-1849 // NVD: CVE-2018-11491

SOURCES

db:CNVDid:CNVD-2018-17185
db:VULMONid:CVE-2018-11491
db:JVNDBid:JVNDB-2018-008457
db:CNNVDid:CNNVD-201807-1849
db:NVDid:CVE-2018-11491

LAST UPDATE DATE

2024-11-23T22:48:40.892000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-17185date:2018-08-31T00:00:00
db:VULMONid:CVE-2018-11491date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-008457date:2018-10-18T00:00:00
db:CNNVDid:CNNVD-201807-1849date:2018-07-26T00:00:00
db:NVDid:CVE-2018-11491date:2024-11-21T03:43:28.580

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-17185date:2018-08-31T00:00:00
db:VULMONid:CVE-2018-11491date:2018-07-25T00:00:00
db:JVNDBid:JVNDB-2018-008457date:2018-10-18T00:00:00
db:CNNVDid:CNNVD-201807-1849date:2018-07-26T00:00:00
db:NVDid:CVE-2018-11491date:2018-07-25T13:29:00.267