Sign-up

ID

VAR-201809-0448


CVE

CVE-2018-11240


TITLE

SoftCase T-Router Device permission vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012421

DESCRIPTION

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on the 'exec command' feature of the T-Router protocol. If the command syntax is correct, there is code execution both on the other modem and on the main servers. This is fixed in production builds as of Spring 2018. SoftCase T-Router The device contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SoftCase T-Router is a security router produced by Russian SoftCase company

Trust: 1.8

sources: NVD: CVE-2018-11240 // JVNDB: JVNDB-2018-012421 // VULHUB: VHN-121080 // VULMON: CVE-2018-11240

AFFECTED PRODUCTS

vendor:softcasemodel:t-routerscope:eqversion:20112017

Trust: 1.6

vendor:softcasemodel:t-routerscope:eqversion:build 20112017

Trust: 0.8

sources: JVNDB: JVNDB-2018-012421 // CNNVD: CNNVD-201809-1078 // NVD: CVE-2018-11240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11240
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11240
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-1078
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121080
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11240
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11240
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11240
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121080 // VULMON: CVE-2018-11240 // JVNDB: JVNDB-2018-012421 // CNNVD: CNNVD-201809-1078 // NVD: CVE-2018-11240

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-121080 // JVNDB: JVNDB-2018-012421 // NVD: CVE-2018-11240

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1078

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201809-1078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012421

PATCH
title:Top Pageurl:http://softcase.ru/en/equipment_global.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-012421

EXTERNAL IDS
db:NVDid:CVE-2018-11240
Trust: 2.6
db:JVNDBid:JVNDB-2018-012421
Trust: 0.8
db:CNNVDid:CNNVD-201809-1078
Trust: 0.7
db:VULHUBid:VHN-121080
Trust: 0.1
db:VULMONid:CVE-2018-11240
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121080 // 
            
            
            
            VULMON: CVE-2018-11240 // 
            
            
            
            JVNDB: JVNDB-2018-012421 // 
            
            
            
            CNNVD: CNNVD-201809-1078 // 
            
            
            
            NVD: CVE-2018-11240

REFERENCES
url:https://gist.github.com/neolead/1b90d8df7ef4fd1d3d03c1265e5804ac#file-cve-2018-11240-txt
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11240
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11240
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121080 // 
            
            
            
            VULMON: CVE-2018-11240 // 
            
            
            
            JVNDB: JVNDB-2018-012421 // 
            
            
            
            CNNVD: CNNVD-201809-1078 // 
            
            
            
            NVD: CVE-2018-11240

SOURCES
db:VULHUBid:VHN-121080
db:VULMONid:CVE-2018-11240
db:JVNDBid:JVNDB-2018-012421
db:CNNVDid:CNNVD-201809-1078
db:NVDid:CVE-2018-11240

LAST UPDATE DATE
2024-11-23T21:38:19.040000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121080date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-11240date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-012421date:2019-02-04T00:00:00
db:CNNVDid:CNNVD-201809-1078date:2020-10-23T00:00:00
db:NVDid:CVE-2018-11240date:2024-11-21T03:42:58.360

SOURCES RELEASE DATE
db:VULHUBid:VHN-121080date:2018-09-21T00:00:00
db:VULMONid:CVE-2018-11240date:2018-09-21T00:00:00
db:JVNDBid:JVNDB-2018-012421date:2019-02-04T00:00:00
db:CNNVDid:CNNVD-201809-1078date:2018-09-25T00:00:00
db:NVDid:CVE-2018-11240date:2018-09-21T15:29:00.327