Sign-up

ID

VAR-201807-1045


CVE

CVE-2018-13108


TITLE

plural ADB Vulnerabilities related to access control in broadband gateways and routers

Trust: 0.8

sources: JVNDB: JVNDB-2018-007687

DESCRIPTION

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP. plural ADB Broadband gateways and routers contain access control vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform

Trust: 2.34

sources: NVD: CVE-2018-13108 // JVNDB: JVNDB-2018-007687 // CNVD: CNVD-2018-12784 // VULHUB: VHN-123134 // VULMON: CVE-2018-13108

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12784

AFFECTED PRODUCTS

vendor:adbglobalmodel:vv2220scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:dv2210scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:vv5522scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:prg av4202nscope:eqversion: -

Trust: 1.6

vendor:adbmodel:dv 2210scope: - version: -

Trust: 0.8

vendor:adbmodel:p.rg av4202nscope: - version: -

Trust: 0.8

vendor:adbmodel:vv 2220scope: - version: -

Trust: 0.8

vendor:adbmodel:vv 5522scope: - version: -

Trust: 0.8

vendor:adbmodel:broadband gateways/routers on epicentro platformscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12784 // JVNDB: JVNDB-2018-007687 // CNNVD: CNNVD-201807-444 // NVD: CVE-2018-13108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13108
value: HIGH

Trust: 1.0

NVD: CVE-2018-13108
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12784
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-444
value: HIGH

Trust: 0.6

VULHUB: VHN-123134
value: HIGH

Trust: 0.1

VULMON: CVE-2018-13108
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-13108
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-12784
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123134
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13108
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12784 // VULHUB: VHN-123134 // VULMON: CVE-2018-13108 // JVNDB: JVNDB-2018-007687 // CNNVD: CNNVD-201807-444 // NVD: CVE-2018-13108

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-123134 // JVNDB: JVNDB-2018-007687 // NVD: CVE-2018-13108

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-444

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-444

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007687

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-123134 // 
            
            
            
            VULMON: CVE-2018-13108

PATCH
title:Top Pageurl:https://www.adbglobal.com/
Trust: 0.8
title:ADBBroadbandGateways/Routers patch for local root jailbreak vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/133899
Trust: 0.6
title:ADB broadband gateways/routers on Epicentro platform Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81865
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12784 // 
            
            
            
            JVNDB: JVNDB-2018-007687 // 
            
            
            
            CNNVD: CNNVD-201807-444

EXTERNAL IDS
db:NVDid:CVE-2018-13108
Trust: 3.2
db:PACKETSTORMid:148424
Trust: 2.6
db:EXPLOIT-DBid:44983
Trust: 2.4
db:JVNDBid:JVNDB-2018-007687
Trust: 0.8
db:CNVDid:CNVD-2018-12784
Trust: 0.6
db:CNNVDid:CNNVD-201807-444
Trust: 0.6
db:VULHUBid:VHN-123134
Trust: 0.1
db:VULMONid:CVE-2018-13108
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12784 // 
            
            
            
            VULHUB: VHN-123134 // 
            
            
            
            VULMON: CVE-2018-13108 // 
            
            
            
            JVNDB: JVNDB-2018-007687 // 
            
            
            
            CNNVD: CNNVD-201807-444 // 
            
            
            
            NVD: CVE-2018-13108

REFERENCES
url:http://packetstormsecurity.com/files/148424/adb-local-root-jailbreak.html
Trust: 2.6
url:https://www.exploit-db.com/exploits/44983/
Trust: 2.5
url:http://seclists.org/fulldisclosure/2018/jul/17
Trust: 2.4
url:http://www.securityfocus.com/archive/1/542117/100/0/threaded
Trust: 1.8
url:https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13108
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13108
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12784 // 
            
            
            
            VULHUB: VHN-123134 // 
            
            
            
            VULMON: CVE-2018-13108 // 
            
            
            
            JVNDB: JVNDB-2018-007687 // 
            
            
            
            CNNVD: CNNVD-201807-444 // 
            
            
            
            NVD: CVE-2018-13108

SOURCES
db:CNVDid:CNVD-2018-12784
db:VULHUBid:VHN-123134
db:VULMONid:CVE-2018-13108
db:JVNDBid:JVNDB-2018-007687
db:CNNVDid:CNNVD-201807-444
db:NVDid:CVE-2018-13108

LAST UPDATE DATE
2024-11-23T22:06:41.126000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12784date:2018-07-10T00:00:00
db:VULHUBid:VHN-123134date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-13108date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007687date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-444date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13108date:2024-11-21T03:46:27.113

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12784date:2018-07-10T00:00:00
db:VULHUBid:VHN-123134date:2018-07-06T00:00:00
db:VULMONid:CVE-2018-13108date:2018-07-06T00:00:00
db:JVNDBid:JVNDB-2018-007687date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-444date:2018-07-09T00:00:00
db:NVDid:CVE-2018-13108date:2018-07-06T14:29:01.053