Sign-up

ID

VAR-201903-0009


CVE

CVE-2019-3495


TITLE

Wifi-soft UniBox controller Device unrestricted upload vulnerability type file vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002852

DESCRIPTION

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Wifi-soft UniBox controller The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wifi-soft's UniboxControllers is a fast-paced network controller for all large and small venues. There is a remote code injection vulnerability in Wifi-soft's UniboxControllers. An attacker can exploit a vulnerability to inject arbitrary code. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Name: Remote Code Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Code Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3495 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3497 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 3.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3496 I have posted all the technical details, POCs and root-cause analysis here: https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/ Best Regards, *Sahil Dhar * Information Security Consultant +91 9821544985 <http://goog_555023787> [image: https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/] <https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>

Trust: 2.34

sources: NVD: CVE-2019-3495 // JVNDB: JVNDB-2019-002852 // CNVD: CNVD-2019-00769 // VULHUB: VHN-154930 // PACKETSTORM: 151077

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-00769

AFFECTED PRODUCTS

vendor:indionetworksmodel:uniboxscope:eqversion: -

Trust: 1.0

vendor:wifi softmodel:uniboxscope:eqversion:0.x to 2.x

Trust: 0.8

vendor:wifi softmodel:unibox controllerscope:gteversion:0.*,<=2.*

Trust: 0.6

sources: CNVD: CNVD-2019-00769 // JVNDB: JVNDB-2019-002852 // NVD: CVE-2019-3495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3495
value: HIGH

Trust: 1.0

NVD: CVE-2019-3495
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-00769
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-759
value: HIGH

Trust: 0.6

VULHUB: VHN-154930
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3495
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-00769
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-154930
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3495
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3495
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-00769 // VULHUB: VHN-154930 // JVNDB: JVNDB-2019-002852 // CNNVD: CNNVD-201903-759 // NVD: CVE-2019-3495

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

problemtype:CWE-798

Trust: 1.0

sources: VULHUB: VHN-154930 // JVNDB: JVNDB-2019-002852 // NVD: CVE-2019-3495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-759

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-759

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002852

PATCH
title:UniBox - Access Controllersurl:https://wifi-soft.com/unibox-controller/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002852

EXTERNAL IDS
db:NVDid:CVE-2019-3495
Trust: 3.2
db:PACKETSTORMid:151077
Trust: 1.8
db:JVNDBid:JVNDB-2019-002852
Trust: 0.8
db:CNNVDid:CNNVD-201903-759
Trust: 0.7
db:CNVDid:CNVD-2019-00769
Trust: 0.6
db:VULHUBid:VHN-154930
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00769 // 
            
            
            
            VULHUB: VHN-154930 // 
            
            
            
            JVNDB: JVNDB-2019-002852 // 
            
            
            
            PACKETSTORM: 151077 // 
            
            
            
            CNNVD: CNNVD-201903-759 // 
            
            
            
            NVD: CVE-2019-3495

REFERENCES
url:https://sahildhar.github.io/blogpost/multiple-rce-vulnerabilties-in-unibox-controller-0.x-3.x/
Trust: 2.6
url:http://seclists.org/fulldisclosure/2019/jan/23
Trust: 2.3
url:http://packetstormsecurity.com/files/151077/wifi-soft-unibox-2.x-remote-command-code-injection.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3495
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3495
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3497
Trust: 0.1
url:https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>
Trust: 0.1
url:https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-3496
Trust: 0.1
url:http://goog_555023787>
Trust: 0.1
url:https://wifi-soft.com/unibox-controller/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00769 // 
            
            
            
            VULHUB: VHN-154930 // 
            
            
            
            JVNDB: JVNDB-2019-002852 // 
            
            
            
            PACKETSTORM: 151077 // 
            
            
            
            CNNVD: CNNVD-201903-759 // 
            
            
            
            NVD: CVE-2019-3495

CREDITS
Sahil Dhar
Trust: 0.1
sources:
            
            
            PACKETSTORM: 151077

SOURCES
db:CNVDid:CNVD-2019-00769
db:VULHUBid:VHN-154930
db:JVNDBid:JVNDB-2019-002852
db:PACKETSTORMid:151077
db:CNNVDid:CNNVD-201903-759
db:NVDid:CVE-2019-3495

LAST UPDATE DATE
2024-11-23T21:52:29.114000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-00769date:2019-01-09T00:00:00
db:VULHUBid:VHN-154930date:2019-03-26T00:00:00
db:JVNDBid:JVNDB-2019-002852date:2019-04-24T00:00:00
db:CNNVDid:CNNVD-201903-759date:2021-07-26T00:00:00
db:NVDid:CVE-2019-3495date:2024-11-21T04:42:08.290

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-00769date:2019-01-09T00:00:00
db:VULHUBid:VHN-154930date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2019-002852date:2019-04-24T00:00:00
db:PACKETSTORMid:151077date:2019-01-09T09:22:22
db:CNNVDid:CNNVD-201903-759date:2019-03-21T00:00:00
db:NVDid:CVE-2019-3495date:2019-03-21T16:01:04.187