Details of VAR-201807-1047

ID

VAR-201807-1047

CVE

CVE-2018-13110

TITLE

plural ADB Vulnerabilities related to authorization, authority, and access control in broadband gateways and routers

Trust: 0.8

sources: JVNDB: JVNDB-2018-007689

DESCRIPTION

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks. plural ADB Broadband gateways and routers contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ADBbroadbandgateways/routersonEpicentroplatform is a gateway and router device for the Epicentro platform from ADB, Switzerland. An elevation of privilege vulnerability exists in ADBbroadbandgateways/routers based on the Epicentro platform

Trust: 2.25

sources: NVD: CVE-2018-13110 // JVNDB: JVNDB-2018-007689 // CNVD: CNVD-2018-12782 // VULHUB: VHN-123137

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12782

AFFECTED PRODUCTS

vendor:	adbglobal	model:	vv2220	scope:	eq	version:	-	Trust: 1.6
vendor:	adbglobal	model:	dv2210	scope:	eq	version:	-	Trust: 1.6
vendor:	adbglobal	model:	vv5522	scope:	eq	version:	-	Trust: 1.6
vendor:	adbglobal	model:	prg av4202n	scope:	eq	version:	-	Trust: 1.6
vendor:	adb	model:	dv 2210	scope:	-	version:	-	Trust: 0.8
vendor:	adb	model:	p.rg av4202n	scope:	-	version:	-	Trust: 0.8
vendor:	adb	model:	vv 2220	scope:	-	version:	-	Trust: 0.8
vendor:	adb	model:	vv 5522	scope:	-	version:	-	Trust: 0.8
vendor:	adb	model:	broadband gateways/routers on epicentro platform	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-12782 // JVNDB: JVNDB-2018-007689 // CNNVD: CNNVD-201807-442 // NVD: CVE-2018-13110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13110
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13110
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-12782
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201807-442
value:	HIGH
Trust: 0.6
VULHUB:	VHN-123137
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-13110
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2018-13110
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2018-12782
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-123137
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13110
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2018-13110
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-12782 // VULHUB: VHN-123137 // JVNDB: JVNDB-2018-007689 // CNNVD: CNNVD-201807-442 // NVD: CVE-2018-13110

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-123137 // JVNDB: JVNDB-2018-007689 // NVD: CVE-2018-13110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-442

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007689

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-123137

PATCH

title:	Top Page	url:	https://www.adbglobal.com/	Trust: 0.8
title:	Patch for ADBBroadbandGateways/Routers Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/133903	Trust: 0.6
title:	ADB broadband gateways/routers on Epicentro platform Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81863	Trust: 0.6

sources: CNVD: CNVD-2018-12782 // JVNDB: JVNDB-2018-007689 // CNNVD: CNNVD-201807-442

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13110	Trust: 3.1
db:	PACKETSTORM	id:	148430	Trust: 2.5
db:	EXPLOIT-DB	id:	44984	Trust: 2.3
db:	JVNDB	id:	JVNDB-2018-007689	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-442	Trust: 0.7
db:	CNVD	id:	CNVD-2018-12782	Trust: 0.6
db:	VULHUB	id:	VHN-123137	Trust: 0.1

sources: CNVD: CNVD-2018-12782 // VULHUB: VHN-123137 // JVNDB: JVNDB-2018-007689 // CNNVD: CNNVD-201807-442 // NVD: CVE-2018-13110

REFERENCES

url:	http://packetstormsecurity.com/files/148430/adb-group-manipulation-privilege-escalation.html	Trust: 3.1
url:	http://seclists.org/fulldisclosure/2018/jul/19	Trust: 2.3
url:	https://www.exploit-db.com/exploits/44984/	Trust: 2.3
url:	http://www.securityfocus.com/archive/1/542118/100/0/threaded	Trust: 1.7
url:	https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13110	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13110	Trust: 0.8

sources: CNVD: CNVD-2018-12782 // VULHUB: VHN-123137 // JVNDB: JVNDB-2018-007689 // CNNVD: CNNVD-201807-442 // NVD: CVE-2018-13110

SOURCES

db:	CNVD	id:	CNVD-2018-12782
db:	VULHUB	id:	VHN-123137
db:	JVNDB	id:	JVNDB-2018-007689
db:	CNNVD	id:	CNNVD-201807-442
db:	NVD	id:	CVE-2018-13110

LAST UPDATE DATE

2024-11-23T22:26:16.401000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12782	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-123137	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007689	date:	2018-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201807-442	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-13110	date:	2024-11-21T03:46:27.423

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12782	date:	2018-07-10T00:00:00
db:	VULHUB	id:	VHN-123137	date:	2018-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-007689	date:	2018-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201807-442	date:	2018-07-09T00:00:00
db:	NVD	id:	CVE-2018-13110	date:	2018-07-06T14:29:01.163