Sign-up

ID

VAR-201903-0010


CVE

CVE-2019-3496


TITLE

Wifi-soft UniBox controller Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-002853

DESCRIPTION

An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Wifi-soft UniBox controller The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Wifi-soft's UniboxControllers is a fast-paced network controller for all large and small venues. There is a remote code injection vulnerability in Wifi-soft's UniboxControllers. An attacker can exploit a vulnerability to inject arbitrary code. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Name: Remote Code Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Code Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3495 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3497 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 3.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3496 I have posted all the technical details, POCs and root-cause analysis here: https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/ Best Regards, *Sahil Dhar * Information Security Consultant +91 9821544985 <http://goog_555023787> [image: https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/] <https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>

Trust: 2.34

sources: NVD: CVE-2019-3496 // JVNDB: JVNDB-2019-002853 // CNVD: CNVD-2019-00771 // VULHUB: VHN-154931 // PACKETSTORM: 151077

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-00771

AFFECTED PRODUCTS

vendor:indionetworksmodel:uniboxscope:eqversion: -

Trust: 1.0

vendor:wifi softmodel:uniboxscope:eqversion:3.x

Trust: 0.8

vendor:wifi softmodel:unibox controllerscope:gteversion:0.*,<=2.*

Trust: 0.6

sources: CNVD: CNVD-2019-00771 // JVNDB: JVNDB-2019-002853 // NVD: CVE-2019-3496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3496
value: HIGH

Trust: 1.0

NVD: CVE-2019-3496
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-00771
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201903-760
value: HIGH

Trust: 0.6

VULHUB: VHN-154931
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3496
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-00771
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-154931
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3496
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3496
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-00771 // VULHUB: VHN-154931 // JVNDB: JVNDB-2019-002853 // CNNVD: CNNVD-201903-760 // NVD: CVE-2019-3496

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-154931 // JVNDB: JVNDB-2019-002853 // NVD: CVE-2019-3496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-760

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-760

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002853

PATCH
title:UniBox - Access Controllersurl:https://wifi-soft.com/unibox-controller/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-002853

EXTERNAL IDS
db:NVDid:CVE-2019-3496
Trust: 3.2
db:PACKETSTORMid:151077
Trust: 1.8
db:JVNDBid:JVNDB-2019-002853
Trust: 0.8
db:CNNVDid:CNNVD-201903-760
Trust: 0.7
db:CNVDid:CNVD-2019-00771
Trust: 0.6
db:VULHUBid:VHN-154931
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00771 // 
            
            
            
            VULHUB: VHN-154931 // 
            
            
            
            JVNDB: JVNDB-2019-002853 // 
            
            
            
            PACKETSTORM: 151077 // 
            
            
            
            CNNVD: CNNVD-201903-760 // 
            
            
            
            NVD: CVE-2019-3496

REFERENCES
url:https://sahildhar.github.io/blogpost/multiple-rce-vulnerabilties-in-unibox-controller-0.x-3.x/
Trust: 2.6
url:http://seclists.org/fulldisclosure/2019/jan/23
Trust: 2.3
url:http://packetstormsecurity.com/files/151077/wifi-soft-unibox-2.x-remote-command-code-injection.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3496
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3496
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3497
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-3495
Trust: 0.1
url:https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>
Trust: 0.1
url:https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]
Trust: 0.1
url:http://goog_555023787>
Trust: 0.1
url:https://wifi-soft.com/unibox-controller/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00771 // 
            
            
            
            VULHUB: VHN-154931 // 
            
            
            
            JVNDB: JVNDB-2019-002853 // 
            
            
            
            PACKETSTORM: 151077 // 
            
            
            
            CNNVD: CNNVD-201903-760 // 
            
            
            
            NVD: CVE-2019-3496

CREDITS
Sahil Dhar
Trust: 0.1
sources:
            
            
            PACKETSTORM: 151077

SOURCES
db:CNVDid:CNVD-2019-00771
db:VULHUBid:VHN-154931
db:JVNDBid:JVNDB-2019-002853
db:PACKETSTORMid:151077
db:CNNVDid:CNNVD-201903-760
db:NVDid:CVE-2019-3496

LAST UPDATE DATE
2024-11-23T21:52:28.661000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-00771date:2019-01-09T00:00:00
db:VULHUBid:VHN-154931date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-002853date:2019-04-24T00:00:00
db:CNNVDid:CNNVD-201903-760date:2020-10-28T00:00:00
db:NVDid:CVE-2019-3496date:2024-11-21T04:42:08.440

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-00771date:2019-01-09T00:00:00
db:VULHUBid:VHN-154931date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2019-002853date:2019-04-24T00:00:00
db:PACKETSTORMid:151077date:2019-01-09T09:22:22
db:CNNVDid:CNNVD-201903-760date:2019-03-21T00:00:00
db:NVDid:CVE-2019-3496date:2019-03-21T16:01:04.233