Sign-up

ID

VAR-201810-0462


CVE

CVE-2018-17921


TITLE

GAIN Electronic Co. Ltd SAGA1-L Series Access control vulnerability

Trust: 0.8

sources: IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // CNVD: CNVD-2018-22093

DESCRIPTION

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. SAGA1-L8B Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of communication between the transmitter and receiver. By sending a crafted re-pairing packet an attacker can force a receiver to pair with a new transmitter without user interaction. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An local-authentication bypass vulnerability 3. An access bypass vulnerability An attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions

Trust: 3.33

sources: NVD: CVE-2018-17921 // JVNDB: JVNDB-2018-013875 // ZDI: ZDI-18-1317 // CNVD: CNVD-2018-22093 // BID: 105729 // IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // VULMON: CVE-2018-17921

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // CNVD: CNVD-2018-22093

AFFECTED PRODUCTS

vendor:sagaradiomodel:saga1-l8bscope:ltversion:a0.10

Trust: 1.0

vendor:gain electronicmodel:saga1-l8bscope:ltversion:a0.10

Trust: 0.8

vendor:sagamodel:saga1-l8bscope: - version: -

Trust: 0.7

vendor:gainmodel:electronic saga1-l series <=a0.10scope: - version: -

Trust: 0.6

vendor:gainmodel:electronic saga1-l seriesscope:eqversion:0

Trust: 0.3

vendor:gainmodel:electronic saga1-l series a0.10scope:neversion: -

Trust: 0.3

vendor:saga1 l8bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // ZDI: ZDI-18-1317 // CNVD: CNVD-2018-22093 // BID: 105729 // JVNDB: JVNDB-2018-013875 // NVD: CVE-2018-17921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17921
value: HIGH

Trust: 1.0

NVD: CVE-2018-17921
value: HIGH

Trust: 0.8

ZDI: CVE-2018-17921
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-22093
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1236
value: HIGH

Trust: 0.6

IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1
value: HIGH

Trust: 0.2

VULMON: CVE-2018-17921
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17921
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-22093
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17921
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-17921
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2018-17921
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // ZDI: ZDI-18-1317 // CNVD: CNVD-2018-22093 // VULMON: CVE-2018-17921 // JVNDB: JVNDB-2018-013875 // CNNVD: CNNVD-201810-1236 // NVD: CVE-2018-17921

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2018-013875 // NVD: CVE-2018-17921

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1236

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201810-1236

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013875

PATCH
title:SAGA1-L6B & L8Burl:http://www.sagaradio.com.tw/SAGA1-L6B.html
Trust: 0.8
title:SAGA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02
Trust: 0.7
title:GAINElectronicCo.LtdSAGA1-LSeries Access Control Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/143423
Trust: 0.6
title:GAIN SAGA1-L8B Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86318
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1317 // 
            
            
            
            CNVD: CNVD-2018-22093 // 
            
            
            
            JVNDB: JVNDB-2018-013875 // 
            
            
            
            CNNVD: CNNVD-201810-1236

EXTERNAL IDS
db:NVDid:CVE-2018-17921
Trust: 4.3
db:ICS CERTid:ICSA-18-296-02
Trust: 3.4
db:BIDid:105729
Trust: 2.0
db:CNVDid:CNVD-2018-22093
Trust: 0.8
db:CNNVDid:CNNVD-201810-1236
Trust: 0.8
db:JVNDBid:JVNDB-2018-013875
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6526
Trust: 0.7
db:ZDIid:ZDI-18-1317
Trust: 0.7
db:IVDid:E2FEEFE2-39AB-11E9-A31B-000C29342CB1
Trust: 0.2
db:VULMONid:CVE-2018-17921
Trust: 0.1
sources:
            
            
            IVD: e2feefe2-39ab-11e9-a31b-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-1317 // 
            
            
            
            CNVD: CNVD-2018-22093 // 
            
            
            
            VULMON: CVE-2018-17921 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013875 // 
            
            
            
            CNNVD: CNNVD-201810-1236 // 
            
            
            
            NVD: CVE-2018-17921

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-02
Trust: 4.1
url:http://www.securityfocus.com/bid/105729
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17921
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17921
Trust: 0.8
url:http://www.sagaradio.com.tw/about.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-1317 // 
            
            
            
            CNVD: CNVD-2018-22093 // 
            
            
            
            VULMON: CVE-2018-17921 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013875 // 
            
            
            
            CNNVD: CNNVD-201810-1236 // 
            
            
            
            NVD: CVE-2018-17921

CREDITS
Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1317

SOURCES
db:IVDid:e2feefe2-39ab-11e9-a31b-000c29342cb1
db:ZDIid:ZDI-18-1317
db:CNVDid:CNVD-2018-22093
db:VULMONid:CVE-2018-17921
db:BIDid:105729
db:JVNDBid:JVNDB-2018-013875
db:CNNVDid:CNNVD-201810-1236
db:NVDid:CVE-2018-17921

LAST UPDATE DATE
2024-11-23T22:00:16.545000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1317date:2018-10-25T00:00:00
db:CNVDid:CNVD-2018-22093date:2018-10-29T00:00:00
db:VULMONid:CVE-2018-17921date:2020-09-18T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013875date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201810-1236date:2020-09-21T00:00:00
db:NVDid:CVE-2018-17921date:2024-11-21T03:55:12.693

SOURCES RELEASE DATE
db:IVDid:e2feefe2-39ab-11e9-a31b-000c29342cb1date:2018-10-29T00:00:00
db:ZDIid:ZDI-18-1317date:2018-10-25T00:00:00
db:CNVDid:CNVD-2018-22093date:2018-10-29T00:00:00
db:VULMONid:CVE-2018-17921date:2018-10-24T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013875date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201810-1236date:2018-10-25T00:00:00
db:NVDid:CVE-2018-17921date:2018-10-24T22:29:01.073