Sign-up

ID

VAR-201810-0425


CVE

CVE-2018-17873


TITLE

WiFiRanger Device key management error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013971

DESCRIPTION

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account. WiFiRanger The device contains a vulnerability related to key management errors.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WiFiRanger is a WiFi signal repeater

Trust: 1.71

sources: NVD: CVE-2018-17873 // JVNDB: JVNDB-2018-013971 // VULHUB: VHN-128376

AFFECTED PRODUCTS

vendor:wifirangermodel:wifirangerscope:lteversion:7.0.8

Trust: 1.0

vendor:wifirangermodel:wifirangerscope:lteversion:7.0.8rc3

Trust: 0.8

sources: JVNDB: JVNDB-2018-013971 // NVD: CVE-2018-17873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17873
value: HIGH

Trust: 1.0

NVD: CVE-2018-17873
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1072
value: HIGH

Trust: 0.6

VULHUB: VHN-128376
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-17873
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128376
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17873
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128376 // JVNDB: JVNDB-2018-013971 // CNNVD: CNNVD-201810-1072 // NVD: CVE-2018-17873

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-320

Trust: 0.9

sources: VULHUB: VHN-128376 // JVNDB: JVNDB-2018-013971 // NVD: CVE-2018-17873

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1072

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1072

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013971

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-128376

PATCH
title:Top Pageurl:https://wifiranger.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013971

EXTERNAL IDS
db:PACKETSTORMid:149867
Trust: 2.5
db:NVDid:CVE-2018-17873
Trust: 2.5
db:JVNDBid:JVNDB-2018-013971
Trust: 0.8
db:CNNVDid:CNNVD-201810-1072
Trust: 0.7
db:VULHUBid:VHN-128376
Trust: 0.1
sources:
            
            
            VULHUB: VHN-128376 // 
            
            
            
            JVNDB: JVNDB-2018-013971 // 
            
            
            
            CNNVD: CNNVD-201810-1072 // 
            
            
            
            NVD: CVE-2018-17873

REFERENCES
url:http://packetstormsecurity.com/files/149867/wifiranger-7.0.8rc3-incorrect-access-control-privilege-escalation.html
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17873
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17873
Trust: 0.8
sources:
            
            
            VULHUB: VHN-128376 // 
            
            
            
            JVNDB: JVNDB-2018-013971 // 
            
            
            
            CNNVD: CNNVD-201810-1072 // 
            
            
            
            NVD: CVE-2018-17873

SOURCES
db:VULHUBid:VHN-128376
db:JVNDBid:JVNDB-2018-013971
db:CNNVDid:CNNVD-201810-1072
db:NVDid:CVE-2018-17873

LAST UPDATE DATE
2024-11-23T23:04:57.390000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-128376date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-013971date:2019-03-07T00:00:00
db:CNNVDid:CNNVD-201810-1072date:2020-08-25T00:00:00
db:NVDid:CVE-2018-17873date:2024-11-21T03:55:06.487

SOURCES RELEASE DATE
db:VULHUBid:VHN-128376date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013971date:2019-03-07T00:00:00
db:CNNVDid:CNNVD-201810-1072date:2018-10-22T00:00:00
db:NVDid:CVE-2018-17873date:2018-10-23T21:30:53.567