Sign-up

ID

VAR-201903-1433


CVE

CVE-2018-19879


TITLE

Teltonika RTU9XX Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015225

DESCRIPTION

An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. Teltonika RTU9XX The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TeltonikaRUT9XX (LuCI) is a LET router product from Teltonika, Lithuania. There is a security vulnerability in /cgi-bin/luci in version R_31.04.89 prior to TeltonikaRTU9XXR_00.05.00.5

Trust: 2.25

sources: NVD: CVE-2018-19879 // JVNDB: JVNDB-2018-015225 // CNVD: CNVD-2019-09285 // VULHUB: VHN-130582

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-09285

AFFECTED PRODUCTS

vendor:teltonikamodel:rut950scope:eqversion:r_31.04.89

Trust: 1.0

vendor:teltonikamodel:rut950scope:eqversion:r_00.05.00.5

Trust: 0.8

vendor:teltonikamodel:rut950scope:ltversion:r_31.04.89

Trust: 0.8

vendor:teltonikamodel:rtu9xx r 31.04.89scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-09285 // JVNDB: JVNDB-2018-015225 // NVD: CVE-2018-19879

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19879
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2018-19879
value: HIGH

Trust: 1.0

NVD: CVE-2018-19879
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-09285
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201903-1142
value: CRITICAL

Trust: 0.6

VULHUB: VHN-130582
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-19879
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-09285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-130582
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19879
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

cve@mitre.org: CVE-2018-19879
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.7
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-09285 // VULHUB: VHN-130582 // JVNDB: JVNDB-2018-015225 // CNNVD: CNNVD-201903-1142 // NVD: CVE-2018-19879 // NVD: CVE-2018-19879

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-130582 // JVNDB: JVNDB-2018-015225 // NVD: CVE-2018-19879

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-1142

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-1142

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015225

PATCH
title:RUT9xx Firmwareurl:https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware
Trust: 0.8
title:Patch for TeltonikaRUT9XX authentication vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/158263
Trust: 0.6
title:Teltonika RUT9XX Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90552
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09285 // 
            
            
            
            JVNDB: JVNDB-2018-015225 // 
            
            
            
            CNNVD: CNNVD-201903-1142

EXTERNAL IDS
db:NVDid:CVE-2018-19879
Trust: 3.1
db:JVNDBid:JVNDB-2018-015225
Trust: 0.8
db:CNNVDid:CNNVD-201903-1142
Trust: 0.7
db:CNVDid:CNVD-2019-09285
Trust: 0.6
db:VULHUBid:VHN-130582
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-09285 // 
            
            
            
            VULHUB: VHN-130582 // 
            
            
            
            JVNDB: JVNDB-2018-015225 // 
            
            
            
            CNNVD: CNNVD-201903-1142 // 
            
            
            
            NVD: CVE-2018-19879

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-19879
Trust: 2.0
url:https://wiki.teltonika.lt/index.php?title=rut9xx_firmware
Trust: 1.7
url:https://www.triadsec.com/cve-2018-19879.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19879
Trust: 0.8
url:https://www.triadsec.com/cve-2018-19878.pdf
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09285 // 
            
            
            
            VULHUB: VHN-130582 // 
            
            
            
            JVNDB: JVNDB-2018-015225 // 
            
            
            
            CNNVD: CNNVD-201903-1142 // 
            
            
            
            NVD: CVE-2018-19879

SOURCES
db:CNVDid:CNVD-2019-09285
db:VULHUBid:VHN-130582
db:JVNDBid:JVNDB-2018-015225
db:CNNVDid:CNNVD-201903-1142
db:NVDid:CVE-2018-19879

LAST UPDATE DATE
2024-11-23T21:37:34.087000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-09285date:2019-04-07T00:00:00
db:VULHUBid:VHN-130582date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015225date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201903-1142date:2020-08-25T00:00:00
db:NVDid:CVE-2018-19879date:2024-11-21T03:58:44.470

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-09285date:2019-04-01T00:00:00
db:VULHUBid:VHN-130582date:2019-03-28T00:00:00
db:JVNDBid:JVNDB-2018-015225date:2019-05-14T00:00:00
db:CNNVDid:CNNVD-201903-1142date:2019-03-28T00:00:00
db:NVDid:CVE-2018-19879date:2019-03-28T17:29:00.427