ID

VAR-201808-0495


CVE

CVE-2018-15350


TITLE

Kraftway 24F2XG Router Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009091

DESCRIPTION

Default credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to gain privileged access to the router. The Kraftway 24F2XG Router firmware contains vulnerabilities related to authorization, authority, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Kraftway 24F2XG Router is a wireless router product of the Russian company Kraftway. The vulnerability is caused by the program using default credentials. A remote attacker could exploit this vulnerability to gain administrative privileges.

Trust: 1.8

sources: NVD: CVE-2018-15350 // JVNDB: JVNDB-2018-009091 // VULHUB: VHN-125601 // VULMON: CVE-2018-15350

AFFECTED PRODUCTS

vendor: kraftway, model: 24f2xg router, scope: eq, version: 3.5.30.1118

Trust: 1.4

vendor: kraftway, model: 24f2xg router, scope: lte, version: 3.5.30.1118

Trust: 1.0

sources: JVNDB: JVNDB-2018-009091 // CNNVD: CNNVD-201808-555 // NVD: CVE-2018-15350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15350
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-15350
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201808-555
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125601
value: HIGH

Trust: 0.1

VULMON: CVE-2018-15350
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15350
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125601
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15350
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125601 // VULMON: CVE-2018-15350 // JVNDB: JVNDB-2018-009091 // CNNVD: CNNVD-201808-555 // NVD: CVE-2018-15350

PROBLEMTYPE DATA

problemtype: CWE-1188

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-125601 // JVNDB: JVNDB-2018-009091 // NVD: CVE-2018-15350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-555

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-555

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009091

PATCH

title: Top Page, url: https://kraftway.ru/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-009091

EXTERNAL IDS

db: NVD, id: CVE-2018-15350

Trust: 2.6

db: JVNDB, id: JVNDB-2018-009091

Trust: 0.8

db: CNNVD, id: CNNVD-201808-555

Trust: 0.7

db: VULHUB, id: VHN-125601

Trust: 0.1

db: VULMON, id: CVE-2018-15350

Trust: 0.1

sources: VULHUB: VHN-125601 // VULMON: CVE-2018-15350 // JVNDB: JVNDB-2018-009091 // CNNVD: CNNVD-201808-555 // NVD: CVE-2018-15350

REFERENCES

url: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/

Trust: 2.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15350

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-15350

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/1188.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-125601 // VULMON: CVE-2018-15350 // JVNDB: JVNDB-2018-009091 // CNNVD: CNNVD-201808-555 // NVD: CVE-2018-15350

SOURCES

db: VULHUB, id: VHN-125601
db: VULMON, id: CVE-2018-15350
db: JVNDB, id: JVNDB-2018-009091
db: CNNVD, id: CNNVD-201808-555
db: NVD, id: CVE-2018-15350

LAST UPDATE DATE

2024-11-23T22:12:22.436000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125601, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2018-15350, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-009091, date: 2018-11-07T00:00:00
db: CNNVD, id: CNNVD-201808-555, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-15350, date: 2024-11-21T03:50:35.903

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125601, date: 2018-08-17T00:00:00
db: VULMON, id: CVE-2018-15350, date: 2018-08-17T00:00:00
db: JVNDB, id: JVNDB-2018-009091, date: 2018-11-07T00:00:00
db: CNNVD, id: CNNVD-201808-555, date: 2018-08-20T00:00:00
db: NVD, id: CVE-2018-15350, date: 2018-08-17T14:29:00.263