Sign-up

ID

VAR-201807-1046


CVE

CVE-2018-13109


TITLE

plural ADB Vulnerabilities related to authorization, authority, and access control in broadband gateways and routers

Trust: 0.8

sources: JVNDB: JVNDB-2018-007688

DESCRIPTION

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well. plural ADB Broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control.Information may be tampered with. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. A security vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform

Trust: 2.25

sources: NVD: CVE-2018-13109 // JVNDB: JVNDB-2018-007688 // CNVD: CNVD-2018-12783 // VULHUB: VHN-123135

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12783

AFFECTED PRODUCTS

vendor:adbglobalmodel:vv2220scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:dv2210scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:vv5522scope:eqversion: -

Trust: 1.6

vendor:adbglobalmodel:prg av4202nscope:eqversion: -

Trust: 1.6

vendor:adbmodel:dv 2210scope: - version: -

Trust: 0.8

vendor:adbmodel:p.rg av4202nscope: - version: -

Trust: 0.8

vendor:adbmodel:vv 2220scope: - version: -

Trust: 0.8

vendor:adbmodel:vv 5522scope: - version: -

Trust: 0.8

vendor:adbmodel:broadband gateways/routers on epicentro platformscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12783 // JVNDB: JVNDB-2018-007688 // CNNVD: CNNVD-201807-443 // NVD: CVE-2018-13109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13109
value: HIGH

Trust: 1.0

NVD: CVE-2018-13109
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12783
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-443
value: HIGH

Trust: 0.6

VULHUB: VHN-123135
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13109
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12783
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123135
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13109
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12783 // VULHUB: VHN-123135 // JVNDB: JVNDB-2018-007688 // CNNVD: CNNVD-201807-443 // NVD: CVE-2018-13109

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-123135 // JVNDB: JVNDB-2018-007688 // NVD: CVE-2018-13109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-443

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-443

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007688

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-123135

PATCH
title:Top Pageurl:https://www.adbglobal.com/
Trust: 0.8
title:ADBBroadbandGateways/Routers authorize patches to bypass vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/133901
Trust: 0.6
title:ADB broadband gateways/routers on Epicentro platform Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81864
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12783 // 
            
            
            
            JVNDB: JVNDB-2018-007688 // 
            
            
            
            CNNVD: CNNVD-201807-443

EXTERNAL IDS
db:NVDid:CVE-2018-13109
Trust: 3.1
db:PACKETSTORMid:148429
Trust: 2.5
db:EXPLOIT-DBid:44982
Trust: 2.3
db:JVNDBid:JVNDB-2018-007688
Trust: 0.8
db:CNNVDid:CNNVD-201807-443
Trust: 0.7
db:CNVDid:CNVD-2018-12783
Trust: 0.6
db:SEEBUGid:SSVID-97650
Trust: 0.1
db:VULHUBid:VHN-123135
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12783 // 
            
            
            
            VULHUB: VHN-123135 // 
            
            
            
            JVNDB: JVNDB-2018-007688 // 
            
            
            
            CNNVD: CNNVD-201807-443 // 
            
            
            
            NVD: CVE-2018-13109

REFERENCES
url:http://packetstormsecurity.com/files/148429/adb-authorization-bypass.html
Trust: 3.1
url:http://seclists.org/fulldisclosure/2018/jul/18
Trust: 2.3
url:https://www.exploit-db.com/exploits/44982/
Trust: 2.3
url:http://www.securityfocus.com/archive/1/542119/100/0/threaded
Trust: 1.7
url:https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13109
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13109
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12783 // 
            
            
            
            VULHUB: VHN-123135 // 
            
            
            
            JVNDB: JVNDB-2018-007688 // 
            
            
            
            CNNVD: CNNVD-201807-443 // 
            
            
            
            NVD: CVE-2018-13109

SOURCES
db:CNVDid:CNVD-2018-12783
db:VULHUBid:VHN-123135
db:JVNDBid:JVNDB-2018-007688
db:CNNVDid:CNNVD-201807-443
db:NVDid:CVE-2018-13109

LAST UPDATE DATE
2024-11-23T22:58:56.818000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12783date:2018-07-10T00:00:00
db:VULHUBid:VHN-123135date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007688date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-443date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13109date:2024-11-21T03:46:27.270

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12783date:2018-07-10T00:00:00
db:VULHUBid:VHN-123135date:2018-07-06T00:00:00
db:JVNDBid:JVNDB-2018-007688date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-443date:2018-07-09T00:00:00
db:NVDid:CVE-2018-13109date:2018-07-06T14:29:01.100