Sign-up

ID

VAR-201808-0321


CVE

CVE-2018-15124


TITLE

Zipato Zipabox Smart Home Controller Vulnerabilities related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2018-008984

DESCRIPTION

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. Zipato Zipabox Smart Home Controller Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zipato Zipabox is a smart home gateway controller from Zipato, Republic of Croatia. Attackers can exploit this vulnerability to extract plaintext passwords and gain root access to the device

Trust: 1.8

sources: NVD: CVE-2018-15124 // JVNDB: JVNDB-2018-008984 // VULHUB: VHN-125352 // VULMON: CVE-2018-15124

AFFECTED PRODUCTS

vendor:zipatomodel:zipaboxscope:eqversion:118

Trust: 2.4

sources: JVNDB: JVNDB-2018-008984 // CNNVD: CNNVD-201808-314 // NVD: CVE-2018-15124

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15124
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15124
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-314
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125352
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15124
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15124
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125352
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15124
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125352 // VULMON: CVE-2018-15124 // JVNDB: JVNDB-2018-008984 // CNNVD: CNNVD-201808-314 // NVD: CVE-2018-15124

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-125352 // JVNDB: JVNDB-2018-008984 // NVD: CVE-2018-15124

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-314

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-314

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008984

PATCH
title:Top Pageurl:https://www.zipato.com/
Trust: 0.8
title:Zipato Zipabox Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83850
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008984 // 
            
            
            
            CNNVD: CNNVD-201808-314

EXTERNAL IDS
db:NVDid:CVE-2018-15124
Trust: 2.6
db:JVNDBid:JVNDB-2018-008984
Trust: 0.8
db:CNNVDid:CNNVD-201808-314
Trust: 0.7
db:VULHUBid:VHN-125352
Trust: 0.1
db:VULMONid:CVE-2018-15124
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125352 // 
            
            
            
            VULMON: CVE-2018-15124 // 
            
            
            
            JVNDB: JVNDB-2018-008984 // 
            
            
            
            CNNVD: CNNVD-201808-314 // 
            
            
            
            NVD: CVE-2018-15124

REFERENCES
url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15124
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15124
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/326.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125352 // 
            
            
            
            VULMON: CVE-2018-15124 // 
            
            
            
            JVNDB: JVNDB-2018-008984 // 
            
            
            
            CNNVD: CNNVD-201808-314 // 
            
            
            
            NVD: CVE-2018-15124

SOURCES
db:VULHUBid:VHN-125352
db:VULMONid:CVE-2018-15124
db:JVNDBid:JVNDB-2018-008984
db:CNNVDid:CNNVD-201808-314
db:NVDid:CVE-2018-15124

LAST UPDATE DATE
2024-11-23T22:48:35.830000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125352date:2018-10-10T00:00:00
db:VULMONid:CVE-2018-15124date:2018-10-10T00:00:00
db:JVNDBid:JVNDB-2018-008984date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-314date:2018-08-14T00:00:00
db:NVDid:CVE-2018-15124date:2024-11-21T03:50:21.427

SOURCES RELEASE DATE
db:VULHUBid:VHN-125352date:2018-08-13T00:00:00
db:VULMONid:CVE-2018-15124date:2018-08-13T00:00:00
db:JVNDBid:JVNDB-2018-008984date:2018-11-05T00:00:00
db:CNNVDid:CNNVD-201808-314date:2018-08-14T00:00:00
db:NVDid:CVE-2018-15124date:2018-08-13T21:48:01.477