Details of VAR-201809-0915

ID

VAR-201809-0915

CVE

CVE-2018-16310

TITLE

TG588V V2 The device is vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-009486

DESCRIPTION

Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. ** Unsettled ** This case has not been confirmed as a vulnerability. TG588V V2 The device contains a resource exhaustion vulnerability. The vendor disputes this vulnerability. For more information, see the following: NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2018-16310Service operation interruption (DoS) It may be in a state. Technicolor TG588V V2 is an ADSL VDSL router

Trust: 2.25

sources: NVD: CVE-2018-16310 // JVNDB: JVNDB-2018-009486 // CNVD: CNVD-2019-42721 // VULHUB: VHN-126657

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-42721

AFFECTED PRODUCTS

vendor:	technicolor	model:	tg588v	scope:	eq	version:	-	Trust: 2.4
vendor:	technicolor	model:	tg588v	scope:	eq	version:	tg588v firmware	Trust: 0.8
vendor:	technicolor	model:	tg588v	scope:	eq	version:	v2	Trust: 0.6

sources: CNVD: CNVD-2019-42721 // JVNDB: JVNDB-2018-009486 // CNNVD: CNNVD-201809-290 // NVD: CVE-2018-16310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-16310
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-16310
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-42721
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-290
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-126657
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-16310
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42721
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-126657
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-16310
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2018-009486
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-42721 // VULHUB: VHN-126657 // JVNDB: JVNDB-2018-009486 // CNNVD: CNNVD-201809-290 // NVD: CVE-2018-16310

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-254	Trust: 0.1

sources: VULHUB: VHN-126657 // JVNDB: JVNDB-2018-009486 // NVD: CVE-2018-16310

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-290

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-290

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-009486

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16310	Trust: 3.9
db:	JVNDB	id:	JVNDB-2018-009486	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-290	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42721	Trust: 0.6
db:	VULHUB	id:	VHN-126657	Trust: 0.1

sources: CNVD: CNVD-2019-42721 // VULHUB: VHN-126657 // JVNDB: JVNDB-2018-009486 // CNNVD: CNNVD-201809-290 // NVD: CVE-2018-16310

REFERENCES

url:	http://buddieshub27.blogspot.com/2018/09/cve-2018-16310-technicolor-tg588v-v2.html	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16310	Trust: 1.4

sources: CNVD: CNVD-2019-42721 // VULHUB: VHN-126657 // JVNDB: JVNDB-2018-009486 // CNNVD: CNNVD-201809-290 // NVD: CVE-2018-16310

SOURCES

db:	CNVD	id:	CNVD-2019-42721
db:	VULHUB	id:	VHN-126657
db:	JVNDB	id:	JVNDB-2018-009486
db:	CNNVD	id:	CNNVD-201809-290
db:	NVD	id:	CVE-2018-16310

LAST UPDATE DATE

2024-11-23T22:58:51.172000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42721	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-126657	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-009486	date:	2024-07-08T08:57:00
db:	CNNVD	id:	CNNVD-201809-290	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-16310	date:	2024-11-21T03:52:30.190

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42721	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-126657	date:	2018-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-009486	date:	2018-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201809-290	date:	2018-09-07T00:00:00
db:	NVD	id:	CVE-2018-16310	date:	2018-09-06T23:29:01.350