Details of VAR-201903-0011

ID

VAR-201903-0011

CVE

CVE-2019-3497

TITLE

Wifi-soft UniBox controller Command injection vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-002854

DESCRIPTION

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Wifi-soft UniBox controller The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands. Hello all, I would like to inform you about the Remote Command & Code Injection vulnerabilities found in Wifi-soft's Unibox Controllers. Name: Remote Code Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Code Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3495 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 0.x - 2.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3497 Name: Remote Command Injection in Wifi-soft's Unibox Controllers Affected Software: Unibox Controller Affected Versions: 3.x Homepage: https://wifi-soft.com/unibox-controller/ Vulnerability: Remote Command Injection Severity: Critical Status: Not Fixed CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8) CVE-ID Reference: CVE-2019-3496 I have posted all the technical details, POCs and root-cause analysis here: https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/ Best Regards, *Sahil Dhar * Information Security Consultant +91 9821544985 <http://goog_555023787> [image: https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/] <https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>

Trust: 1.8

sources: NVD: CVE-2019-3497 // JVNDB: JVNDB-2019-002854 // VULHUB: VHN-154932 // PACKETSTORM: 151077

AFFECTED PRODUCTS

vendor:	indionetworks	model:	unibox	scope:	eq	version:	-	Trust: 1.0
vendor:	wifi soft	model:	unibox	scope:	eq	version:	0.x to 2.x	Trust: 0.8

sources: JVNDB: JVNDB-2019-002854 // NVD: CVE-2019-3497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3497
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-3497
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-761
value:	HIGH
Trust: 0.6
VULHUB:	VHN-154932
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-3497
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-154932
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3497
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-3497
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-154932 // JVNDB: JVNDB-2019-002854 // CNNVD: CNNVD-201903-761 // NVD: CVE-2019-3497

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.1
problemtype:	CWE-77	Trust: 0.9

sources: VULHUB: VHN-154932 // JVNDB: JVNDB-2019-002854 // NVD: CVE-2019-3497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-761

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-761

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002854

PATCH

title:

UniBox - Access Controllers

url:

https://wifi-soft.com/unibox-controller/

Trust: 0.8

sources: JVNDB: JVNDB-2019-002854

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3497	Trust: 2.6
db:	PACKETSTORM	id:	151077	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-002854	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-761	Trust: 0.7
db:	VULHUB	id:	VHN-154932	Trust: 0.1

sources: VULHUB: VHN-154932 // JVNDB: JVNDB-2019-002854 // PACKETSTORM: 151077 // CNNVD: CNNVD-201903-761 // NVD: CVE-2019-3497

REFERENCES

url:	https://sahildhar.github.io/blogpost/multiple-rce-vulnerabilties-in-unibox-controller-0.x-3.x/	Trust: 2.6
url:	http://packetstormsecurity.com/files/151077/wifi-soft-unibox-2.x-remote-command-code-injection.html	Trust: 2.3
url:	http://seclists.org/fulldisclosure/2019/jan/23	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3497	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3497	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3495	Trust: 0.1
url:	https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/>	Trust: 0.1
url:	https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3496	Trust: 0.1
url:	http://goog_555023787>	Trust: 0.1
url:	https://wifi-soft.com/unibox-controller/	Trust: 0.1

sources: VULHUB: VHN-154932 // JVNDB: JVNDB-2019-002854 // PACKETSTORM: 151077 // CNNVD: CNNVD-201903-761 // NVD: CVE-2019-3497

CREDITS

Sahil Dhar

Trust: 0.1

sources: PACKETSTORM: 151077

SOURCES

db:	VULHUB	id:	VHN-154932
db:	JVNDB	id:	JVNDB-2019-002854
db:	PACKETSTORM	id:	151077
db:	CNNVD	id:	CNNVD-201903-761
db:	NVD	id:	CVE-2019-3497

LAST UPDATE DATE

2024-11-23T21:52:29.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-154932	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-002854	date:	2019-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201903-761	date:	2020-10-28T00:00:00
db:	NVD	id:	CVE-2019-3497	date:	2024-11-21T04:42:08.590

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-154932	date:	2019-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-002854	date:	2019-04-24T00:00:00
db:	PACKETSTORM	id:	151077	date:	2019-01-09T09:22:22
db:	CNNVD	id:	CNNVD-201903-761	date:	2019-03-21T00:00:00
db:	NVD	id:	CVE-2019-3497	date:	2019-03-21T16:01:04.280