Sign-up

ID

VAR-201810-1604


CVE

CVE-2018-11336


TITLE

Fastweb FASTGate modem Unauthorized Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-20876

DESCRIPTION

Fastweb is a Swisscom subnet and is the main fixed network operator in Italy. FASTGate is Fastweb's latest generation of modems. There is an unauthorized remote command execution vulnerability in FastwebFASTGatemodem. An attacker can execute arbitrary commands on a remote device without authentication.

Trust: 0.6

sources: CNVD: CNVD-2018-20876

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20876

AFFECTED PRODUCTS

vendor:fastwebmodel:fastgate 0.00.67 fw 200 askeyscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-20876

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-20876
value: HIGH

Trust: 0.6

CNVD: CNVD-2018-20876
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-20876

PATCH

title:FastwebFASTGatemodem does not authorize patches for remote command execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/142283

Trust: 0.6

sources: CNVD: CNVD-2018-20876

EXTERNAL IDS

db:NVDid:CVE-2018-11336

Trust: 0.6

db:CNVDid:CNVD-2018-20876

Trust: 0.6

sources: CNVD: CNVD-2018-20876

REFERENCES

url:https://www.fastweb.it/myfastpage/assistenza/guide/fastgate/

Trust: 0.6

sources: CNVD: CNVD-2018-20876

SOURCES

db:CNVDid:CNVD-2018-20876

LAST UPDATE DATE

2022-05-04T10:00:32.731000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20876date:2018-10-15T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20876date:2018-10-15T00:00:00