Sign-up

ID

VAR-201807-1260


CVE

CVE-2018-12528


TITLE

Intex N150 Device unrestricted upload vulnerability type file vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007785

DESCRIPTION

An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it. Intex N150 The device contains a vulnerability related to unlimited uploads of dangerous types of files.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Intex N150 devices is a wireless router product from India's Intex Technologies

Trust: 2.25

sources: NVD: CVE-2018-12528 // JVNDB: JVNDB-2018-007785 // CNVD: CNVD-2019-42861 // VULHUB: VHN-122496

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-42861

AFFECTED PRODUCTS

vendor:intexmodel:n150scope:eqversion: -

Trust: 1.6

vendor:intexmodel:n150scope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2019-42861 // JVNDB: JVNDB-2018-007785 // CNNVD: CNNVD-201807-068 // NVD: CVE-2018-12528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12528
value: HIGH

Trust: 1.0

NVD: CVE-2018-12528
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-42861
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-068
value: HIGH

Trust: 0.6

VULHUB: VHN-122496
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12528
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-42861
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122496
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12528
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-42861 // VULHUB: VHN-122496 // JVNDB: JVNDB-2018-007785 // CNNVD: CNNVD-201807-068 // NVD: CVE-2018-12528

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-122496 // JVNDB: JVNDB-2018-007785 // NVD: CVE-2018-12528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-068

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-068

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007785

PATCH
title:Top Pageurl:http://www.intex.in/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007785

EXTERNAL IDS
db:NVDid:CVE-2018-12528
Trust: 3.1
db:EXPLOIT-DBid:44933
Trust: 2.3
db:JVNDBid:JVNDB-2018-007785
Trust: 0.8
db:CNNVDid:CNNVD-201807-068
Trust: 0.7
db:EXPLOITDBid:44933
Trust: 0.6
db:CNVDid:CNVD-2019-42861
Trust: 0.6
db:VULHUBid:VHN-122496
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-42861 // 
            
            
            
            VULHUB: VHN-122496 // 
            
            
            
            JVNDB: JVNDB-2018-007785 // 
            
            
            
            CNNVD: CNNVD-201807-068 // 
            
            
            
            NVD: CVE-2018-12528

REFERENCES
url:http://securitywarrior9.blogspot.com/2018/06/malicious-file-upload-intex-router-n.html
Trust: 3.1
url:https://www.exploit-db.com/exploits/44933/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12528
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12528
Trust: 0.8
url:https://www.exploit-db.com/exploits/44933
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-42861 // 
            
            
            
            VULHUB: VHN-122496 // 
            
            
            
            JVNDB: JVNDB-2018-007785 // 
            
            
            
            CNNVD: CNNVD-201807-068 // 
            
            
            
            NVD: CVE-2018-12528

SOURCES
db:CNVDid:CNVD-2019-42861
db:VULHUBid:VHN-122496
db:JVNDBid:JVNDB-2018-007785
db:CNNVDid:CNNVD-201807-068
db:NVDid:CVE-2018-12528

LAST UPDATE DATE
2024-11-23T21:52:57.966000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-42861date:2019-11-29T00:00:00
db:VULHUBid:VHN-122496date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-007785date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-068date:2018-07-03T00:00:00
db:NVDid:CVE-2018-12528date:2024-11-21T03:45:22.243

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-42861date:2018-11-29T00:00:00
db:VULHUBid:VHN-122496date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007785date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-068date:2018-07-03T00:00:00
db:NVDid:CVE-2018-12528date:2018-07-02T16:29:00.350