Sign-up

ID

VAR-201810-0463


CVE

CVE-2018-17923


TITLE

GAIN Electronic Co. Ltd SAGA1-L Series Incorrect authentication vulnerability

Trust: 0.8

sources: IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1 // CNVD: CNVD-2018-22092

DESCRIPTION

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. SAGA1-L8B There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device programming mechanism. The device is insufficiently protected from unauthorized firmware updates. An attacker can leverage this vulnerability to bypass authentication and install persistent malicious firmware on the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An local-authentication bypass vulnerability 3

Trust: 3.24

sources: NVD: CVE-2018-17923 // JVNDB: JVNDB-2018-013642 // ZDI: ZDI-18-1318 // CNVD: CNVD-2018-22092 // BID: 105729 // IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1 // CNVD: CNVD-2018-22092

AFFECTED PRODUCTS

vendor:sagaradiomodel:saga1-l8bscope:ltversion:a0.10

Trust: 1.0

vendor:gain electronicmodel:saga1-l8bscope:ltversion:a0.10

Trust: 0.8

vendor:sagamodel:saga1-l8bscope: - version: -

Trust: 0.7

vendor:gainmodel:electronic saga1-l series <=a0.10scope: - version: -

Trust: 0.6

vendor:gainmodel:electronic saga1-l seriesscope:eqversion:0

Trust: 0.3

vendor:gainmodel:electronic saga1-l series a0.10scope:neversion: -

Trust: 0.3

vendor:saga1 l8bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1 // ZDI: ZDI-18-1318 // CNVD: CNVD-2018-22092 // BID: 105729 // JVNDB: JVNDB-2018-013642 // NVD: CVE-2018-17923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17923
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17923
value: MEDIUM

Trust: 0.8

ZDI: CVE-2018-17923
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2018-22092
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1208
value: MEDIUM

Trust: 0.6

IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-17923
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-22092
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17923
baseSeverity: MEDIUM
baseScore: 6.9
vectorString: CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.3
impactScore: 6.0
version: 3.0

Trust: 1.8

ZDI: CVE-2018-17923
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.2
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1 // ZDI: ZDI-18-1318 // CNVD: CNVD-2018-22092 // JVNDB: JVNDB-2018-013642 // CNNVD: CNNVD-201810-1208 // NVD: CVE-2018-17923

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-013642 // NVD: CVE-2018-17923

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1208

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201810-1208

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013642

PATCH
title:SAGA1-L6B & L8Burl:http://www.sagaradio.com.tw/SAGA1-L6B.html
Trust: 0.8
title:SAGA has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02
Trust: 0.7
title:GAINElectronicCo.LtdSAGA1-LSeries patch for incorrect authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/143425
Trust: 0.6
title:GAIN SAGA1-L Series Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86296
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1318 // 
            
            
            
            CNVD: CNVD-2018-22092 // 
            
            
            
            JVNDB: JVNDB-2018-013642 // 
            
            
            
            CNNVD: CNNVD-201810-1208

EXTERNAL IDS
db:NVDid:CVE-2018-17923
Trust: 4.2
db:ICS CERTid:ICSA-18-296-02
Trust: 3.3
db:BIDid:105729
Trust: 1.9
db:CNVDid:CNVD-2018-22092
Trust: 0.8
db:CNNVDid:CNNVD-201810-1208
Trust: 0.8
db:JVNDBid:JVNDB-2018-013642
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6542
Trust: 0.7
db:ZDIid:ZDI-18-1318
Trust: 0.7
db:IVDid:7D825C10-463F-11E9-B3F6-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: 7d825c10-463f-11e9-b3f6-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-1318 // 
            
            
            
            CNVD: CNVD-2018-22092 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013642 // 
            
            
            
            CNNVD: CNNVD-201810-1208 // 
            
            
            
            NVD: CVE-2018-17923

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-02
Trust: 4.0
url:http://www.securityfocus.com/bid/105729
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17923
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17923
Trust: 0.8
url:http://www.sagaradio.com.tw/about.html
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-1318 // 
            
            
            
            CNVD: CNVD-2018-22092 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013642 // 
            
            
            
            CNNVD: CNNVD-201810-1208 // 
            
            
            
            NVD: CVE-2018-17923

CREDITS
Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1318

SOURCES
db:IVDid:7d825c10-463f-11e9-b3f6-000c29342cb1
db:ZDIid:ZDI-18-1318
db:CNVDid:CNVD-2018-22092
db:BIDid:105729
db:JVNDBid:JVNDB-2018-013642
db:CNNVDid:CNNVD-201810-1208
db:NVDid:CVE-2018-17923

LAST UPDATE DATE
2024-11-23T22:00:16.588000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1318date:2018-10-25T00:00:00
db:CNVDid:CNVD-2018-22092date:2018-12-14T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013642date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-1208date:2019-10-17T00:00:00
db:NVDid:CVE-2018-17923date:2024-11-21T03:55:12.953

SOURCES RELEASE DATE
db:IVDid:7d825c10-463f-11e9-b3f6-000c29342cb1date:2018-10-29T00:00:00
db:ZDIid:ZDI-18-1318date:2018-10-25T00:00:00
db:CNVDid:CNVD-2018-22092date:2018-10-29T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013642date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-1208date:2018-10-24T00:00:00
db:NVDid:CVE-2018-17923date:2018-10-24T22:29:01.150