Sign-up

ID

VAR-201807-1261


CVE

CVE-2018-12529


TITLE

Intex N150 Device Cross-Site Request Forgery Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2018-13471 // JVNDB: JVNDB-2018-007786 // CNNVD: CNNVD-201807-067

DESCRIPTION

An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. Intex N150 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntexN150devices is a wireless router product from Intex Technologies, India. A cross-site request forgery vulnerability exists in router firmware in the IntexN150 device

Trust: 2.25

sources: NVD: CVE-2018-12529 // JVNDB: JVNDB-2018-007786 // CNVD: CNVD-2018-13471 // VULHUB: VHN-122497

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-13471

AFFECTED PRODUCTS

vendor:intexmodel:n150scope: - version: -

Trust: 2.0

vendor:intexmodel:n150scope:eqversion:*

Trust: 1.0

sources: CNVD: CNVD-2018-13471 // JVNDB: JVNDB-2018-007786 // CNNVD: CNNVD-201807-067 // NVD: CVE-2018-12529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12529
value: HIGH

Trust: 1.0

NVD: CVE-2018-12529
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-13471
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-067
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122497
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12529
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-13471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122497
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12529
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-13471 // VULHUB: VHN-122497 // JVNDB: JVNDB-2018-007786 // CNNVD: CNNVD-201807-067 // NVD: CVE-2018-12529

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-122497 // JVNDB: JVNDB-2018-007786 // NVD: CVE-2018-12529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-067

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201807-067

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007786

PATCH
title:Top Pageurl:http://www.intex.in/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007786

EXTERNAL IDS
db:NVDid:CVE-2018-12529
Trust: 3.1
db:EXPLOIT-DBid:44939
Trust: 1.7
db:EXPLOIT-DBid:44933
Trust: 1.0
db:JVNDBid:JVNDB-2018-007786
Trust: 0.8
db:CNNVDid:CNNVD-201807-067
Trust: 0.7
db:CNVDid:CNVD-2018-13471
Trust: 0.6
db:VULHUBid:VHN-122497
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-13471 // 
            
            
            
            VULHUB: VHN-122497 // 
            
            
            
            JVNDB: JVNDB-2018-007786 // 
            
            
            
            CNNVD: CNNVD-201807-067 // 
            
            
            
            NVD: CVE-2018-12529

REFERENCES
url:http://securitywarrior9.blogspot.com/2018/06/cross-site-request-forgery-intex-router.html
Trust: 3.1
url:https://www.exploit-db.com/exploits/44939/
Trust: 1.7
url:https://www.exploit-db.com/exploits/44933/
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12529
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12529
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-13471 // 
            
            
            
            VULHUB: VHN-122497 // 
            
            
            
            JVNDB: JVNDB-2018-007786 // 
            
            
            
            CNNVD: CNNVD-201807-067 // 
            
            
            
            NVD: CVE-2018-12529

SOURCES
db:CNVDid:CNVD-2018-13471
db:VULHUBid:VHN-122497
db:JVNDBid:JVNDB-2018-007786
db:CNNVDid:CNNVD-201807-067
db:NVDid:CVE-2018-12529

LAST UPDATE DATE
2024-11-23T21:52:57.996000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-13471date:2018-07-19T00:00:00
db:VULHUBid:VHN-122497date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-007786date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-067date:2018-07-03T00:00:00
db:NVDid:CVE-2018-12529date:2024-11-21T03:45:22.393

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-13471date:2018-07-18T00:00:00
db:VULHUBid:VHN-122497date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007786date:2018-09-26T00:00:00
db:CNNVDid:CNNVD-201807-067date:2018-07-03T00:00:00
db:NVDid:CVE-2018-12529date:2018-07-02T16:29:00.397