ID

VAR-201812-0137


CVE

CVE-2018-17777


TITLE

Authentication vulnerabilities in D-Link DVA-5592 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014396

DESCRIPTION

An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges. The D-Link DVA-5592 device contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DVA-5592 is a wireless router from D-Link. A security hole exists in D-Link DVA-5592 devices using firmware version A1_WI_20180823.

Trust: 2.25

sources: NVD: CVE-2018-17777 // JVNDB: JVNDB-2018-014396 // CNVD: CNVD-2019-04199 // VULHUB: VHN-128270

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-04199

AFFECTED PRODUCTS

vendor: dlink, model: dva-5592, scope: eq, version: a1_wi_20180823

Trust: 1.0

vendor: d link, model: dva-5592, scope: eq, version: a1_wi_20180823

Trust: 0.8

vendor: d link, model: dva-5592 a1 wi 20180823, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-04199 // JVNDB: JVNDB-2018-014396 // NVD: CVE-2018-17777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17777
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17777
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-04199
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201812-781
value: CRITICAL

Trust: 0.6

VULHUB: VHN-128270
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-17777
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-04199
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-128270
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17777
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-17777
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-04199 // VULHUB: VHN-128270 // JVNDB: JVNDB-2018-014396 // CNNVD: CNNVD-201812-781 // NVD: CVE-2018-17777

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-128270 // JVNDB: JVNDB-2018-014396 // NVD: CVE-2018-17777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-781

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201812-781

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014396

PATCH

title: Top Page, url: http://www.dlink.lt/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014396

EXTERNAL IDS

db: NVD, id: CVE-2018-17777

Trust: 3.1

db: JVNDB, id: JVNDB-2018-014396

Trust: 0.8

db: CNVD, id: CNVD-2019-04199

Trust: 0.6

db: CNNVD, id: CNNVD-201812-781

Trust: 0.6

db: VULHUB, id: VHN-128270

Trust: 0.1

sources: CNVD: CNVD-2019-04199 // VULHUB: VHN-128270 // JVNDB: JVNDB-2018-014396 // CNNVD: CNNVD-201812-781 // NVD: CVE-2018-17777

REFERENCES

url: https://www.gubello.me/blog/router-dlink-dva-5592-authentication-bypass/

Trust: 3.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17777

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-17777

Trust: 0.8

sources: CNVD: CNVD-2019-04199 // VULHUB: VHN-128270 // JVNDB: JVNDB-2018-014396 // CNNVD: CNNVD-201812-781 // NVD: CVE-2018-17777

SOURCES

db: CNVD, id: CNVD-2019-04199
db: VULHUB, id: VHN-128270
db: JVNDB, id: JVNDB-2018-014396
db: CNNVD, id: CNNVD-201812-781
db: NVD, id: CVE-2018-17777

LAST UPDATE DATE

2024-11-23T22:34:04.621000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-04199, date: 2019-02-15T00:00:00
db: VULHUB, id: VHN-128270, date: 2019-02-07T00:00:00
db: JVNDB, id: JVNDB-2018-014396, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-781, date: 2021-04-25T00:00:00
db: NVD, id: CVE-2018-17777, date: 2024-11-21T03:54:57.460

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-04199, date: 2019-02-15T00:00:00
db: VULHUB, id: VHN-128270, date: 2018-12-18T00:00:00
db: JVNDB, id: JVNDB-2018-014396, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-781, date: 2018-12-19T00:00:00
db: NVD, id: CVE-2018-17777, date: 2018-12-18T22:29:04.790