ID
VAR-201810-0085
CVE
CVE-2018-10532
TITLE
EE 4GEE Vulnerabilities related to the use of hard-coded credentials on devices
Trust: 0.8
DESCRIPTION
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. EE 4GEE The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EE4GEEHH70HomeRouter is a home router. The EE4GEEHH70HomeRouter has a hard-coded RootSSH credential vulnerability. EE 4GEE HH70VB-2BE8GB3 is a home gateway product
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | ee | model: | 4gee | scope: | eq | version: | hh70_e1_02.00_19 | Trust: 1.0 |
| vendor: | ee | model: | 4gee wifi | scope: | eq | version: | hh70vb-2be8gb3 hh70_e1_02.00_19 | Trust: 0.8 |
| vendor: | ee | model: | limited 4gee router hh70vb-2be8gb3 hh70 e1 02.00 19 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.9 |
THREAT TYPE
specific network environment
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | 4GEE WiFi | url: | https://ee.co.uk/help/help-new/home-broadband-ee-tv-home-phone-and-4gee-wifi/4gee-wifi/getting-started-on-4gee-wifi | Trust: 0.8 |
| title: | EE4GEEHH70HomeRouter Hardcoded Patch for RootSSH Credential Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/143525 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-10532 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2018-014070 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201810-1438 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2018-22245 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 150100 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-120301 | Trust: 0.1 |
REFERENCES
| url: | https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/ | Trust: 2.5 |
| url: | https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/ | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10532 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-10532 | Trust: 0.8 |
| url: | https://seclists.org/fulldisclosure/2018/oct/52 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2018-22245 |
| db: | VULHUB | id: | VHN-120301 |
| db: | JVNDB | id: | JVNDB-2018-014070 |
| db: | CNNVD | id: | CNNVD-201810-1438 |
| db: | NVD | id: | CVE-2018-10532 |
LAST UPDATE DATE
2024-11-23T22:51:59.434000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-22245 | date: | 2018-11-02T00:00:00 |
| db: | VULHUB | id: | VHN-120301 | date: | 2019-01-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-014070 | date: | 2019-03-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1438 | date: | 2019-04-01T00:00:00 |
| db: | NVD | id: | CVE-2018-10532 | date: | 2024-11-21T03:41:30.490 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-22245 | date: | 2018-10-31T00:00:00 |
| db: | VULHUB | id: | VHN-120301 | date: | 2018-10-30T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-014070 | date: | 2019-03-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1438 | date: | 2018-10-31T00:00:00 |
| db: | NVD | id: | CVE-2018-10532 | date: | 2018-10-30T18:29:00.330 |