Sign-up

ID

VAR-201808-0458


CVE

CVE-2018-15478


TITLE

plural myStrom Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-010245

DESCRIPTION

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The process of registering a device with a cloud account was based on an activation code derived from the device MAC address. By guessing valid MAC addresses or using MAC addresses printed on devices in shops and reverse engineering the protocol, an attacker would have been able to register previously unregistered devices to their account. When the rightful owner would have connected them after purchase to their WiFi network, the devices would not have registered with their account, would subsequently not have been controllable from the owner's mobile app, and would not have been visible in the owner's account. Instead, they would have been under control of the attacker. plural myStrom Product Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-15478 // JVNDB: JVNDB-2018-010245

IOT TAXONOMY

category:['network device']sub_category:switch

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:mystrommodel:wifi bulbscope:ltversion:2.58

Trust: 1.8

vendor:mystrommodel:wifi button plusscope:ltversion:2.73

Trust: 1.8

vendor:mystrommodel:wifi buttonscope:ltversion:2.73

Trust: 1.8

vendor:mystrommodel:wifi led stripscope:ltversion:3.80

Trust: 1.8

vendor:mystrommodel:wifi switch euscope:ltversion:3.80

Trust: 1.8

vendor:mystrommodel:wifi switchscope:ltversion:3.80

Trust: 1.0

vendor:mystrommodel:wifi switchscope:ltversion:2.66

Trust: 1.0

vendor:mystrommodel:wifi switchscope:ltversion:v1 2.66

Trust: 0.8

vendor:mystrommodel:wifi switchscope:ltversion:v2 3.80

Trust: 0.8

sources: JVNDB: JVNDB-2018-010245 // NVD: CVE-2018-15478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15478
value: HIGH

Trust: 1.0

NVD: CVE-2018-15478
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-971
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-15478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-15478
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-010245 // CNNVD: CNNVD-201808-971 // NVD: CVE-2018-15478

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-010245 // NVD: CVE-2018-15478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-971

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-971

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010245

PATCH
title:Top Pageurl:https://mystrom.ch/
Trust: 0.8
title:Multiple myStrom WiFi Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84386
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010245 // 
            
            
            
            CNNVD: CNNVD-201808-971

EXTERNAL IDS
db:NVDid:CVE-2018-15478
Trust: 2.5
db:JVNDBid:JVNDB-2018-010245
Trust: 0.8
db:CNNVDid:CNNVD-201808-971
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-010245 // 
            
            
            
            CNNVD: CNNVD-201808-971 // 
            
            
            
            NVD: CVE-2018-15478

REFERENCES
url:https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15478
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15478
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            JVNDB: JVNDB-2018-010245 // 
            
            
            
            CNNVD: CNNVD-201808-971 // 
            
            
            
            NVD: CVE-2018-15478

SOURCES
db:OTHERid: - 
db:JVNDBid:JVNDB-2018-010245
db:CNNVDid:CNNVD-201808-971
db:NVDid:CVE-2018-15478

LAST UPDATE DATE
2025-01-30T21:36:29.616000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-010245date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201808-971date:2019-10-23T00:00:00
db:NVDid:CVE-2018-15478date:2024-11-21T03:50:53.880

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-010245date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201808-971date:2018-08-31T00:00:00
db:NVDid:CVE-2018-15478date:2018-08-30T17:29:01.363