Sign-up

ID

VAR-201808-0320


CVE

CVE-2018-15123


TITLE

Zipato Zipabox Smart Home Controller Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008983

DESCRIPTION

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home. Zipato Zipabox Smart Home Controller Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Zipato Zipabox BOARD REV - 1 version (system version 118) has a security hole

Trust: 1.8

sources: NVD: CVE-2018-15123 // JVNDB: JVNDB-2018-008983 // VULHUB: VHN-125351 // VULMON: CVE-2018-15123

AFFECTED PRODUCTS

vendor:zipatomodel:zipaboxscope:eqversion:118

Trust: 2.4

sources: JVNDB: JVNDB-2018-008983 // CNNVD: CNNVD-201808-315 // NVD: CVE-2018-15123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15123
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15123
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-315
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125351
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15123
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15123
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125351
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15123
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125351 // VULMON: CVE-2018-15123 // JVNDB: JVNDB-2018-008983 // CNNVD: CNNVD-201808-315 // NVD: CVE-2018-15123

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-125351 // JVNDB: JVNDB-2018-008983 // NVD: CVE-2018-15123

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-315

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-315

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008983

PATCH
title:Top Pageurl:https://www.zipato.com/
Trust: 0.8
title:Zipato Zipabox Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83851
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008983 // 
            
            
            
            CNNVD: CNNVD-201808-315

EXTERNAL IDS
db:NVDid:CVE-2018-15123
Trust: 2.6
db:JVNDBid:JVNDB-2018-008983
Trust: 0.8
db:CNNVDid:CNNVD-201808-315
Trust: 0.7
db:VULHUBid:VHN-125351
Trust: 0.1
db:VULMONid:CVE-2018-15123
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125351 // 
            
            
            
            VULMON: CVE-2018-15123 // 
            
            
            
            JVNDB: JVNDB-2018-008983 // 
            
            
            
            CNNVD: CNNVD-201808-315 // 
            
            
            
            NVD: CVE-2018-15123

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15123
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15123
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125351 // 
            
            
            
            VULMON: CVE-2018-15123 // 
            
            
            
            JVNDB: JVNDB-2018-008983 // 
            
            
            
            CNNVD: CNNVD-201808-315 // 
            
            
            
            NVD: CVE-2018-15123

SOURCES
db:VULHUBid:VHN-125351
db:VULMONid:CVE-2018-15123
db:JVNDBid:JVNDB-2018-008983
db:CNNVDid:CNNVD-201808-315
db:NVDid:CVE-2018-15123

LAST UPDATE DATE
2024-11-23T23:12:04.690000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125351date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-15123date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008983date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-315date:2019-10-23T00:00:00
db:NVDid:CVE-2018-15123date:2024-11-21T03:50:21.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-125351date:2018-08-13T00:00:00
db:VULMONid:CVE-2018-15123date:2018-08-13T00:00:00
db:JVNDBid:JVNDB-2018-008983date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-315date:2018-08-14T00:00:00
db:NVDid:CVE-2018-15123date:2018-08-13T21:48:01.353