ID

VAR-201905-1113


CVE

CVE-2018-20008


TITLE

Vulnerabilities related to certificate and password management in iBall Baton devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015522

DESCRIPTION

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. The iBall Baton device contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The iBall Baton iB-WRB302N is a wireless router from iBall India. A trust management vulnerability exists in the iBall Baton iB-WRB302N20122017 release. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component using a default password, hard-coded password, hard-coded certificate, and so on.

Trust: 2.25

sources: NVD: CVE-2018-20008 // JVNDB: JVNDB-2018-015522 // CNVD: CNVD-2019-16607 // VULHUB: VHN-130771

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-16607

AFFECTED PRODUCTS

vendor: iball, model: ib-wrb302n, scope: eq, version: ib-wrb302n20122017

Trust: 1.0

vendor: iball, model: 300m 2 port wireless n broadband router, scope: eq, version: ib-wrb302n20122017

Trust: 0.8

vendor: iball, model: baton ib-wrb302n ib-wrb302n20122017, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2019-16607 // JVNDB: JVNDB-2018-015522 // NVD: CVE-2018-20008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20008
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-20008
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-16607
value: LOW

Trust: 0.6

CNNVD: CNNVD-201905-1044
value: MEDIUM

Trust: 0.6

VULHUB: VHN-130771
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-20008
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-16607
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-130771
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20008
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-20008
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-16607 // VULHUB: VHN-130771 // JVNDB: JVNDB-2018-015522 // CNNVD: CNNVD-201905-1044 // NVD: CVE-2018-20008

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-130771 // JVNDB: JVNDB-2018-015522 // NVD: CVE-2018-20008

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-1044

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015522

PATCH

title: 300M 2-Port Wireless-N Broadband Router, url: https://www.iball.co.in/Product/300M-2-Port-Wireless-N-Broadband-Router/11209

Trust: 0.8

sources: JVNDB: JVNDB-2018-015522

EXTERNAL IDS

db: NVD, id: CVE-2018-20008

Trust: 3.1

db: JVNDB, id: JVNDB-2018-015522

Trust: 0.8

db: CNNVD, id: CNNVD-201905-1044

Trust: 0.7

db: CNVD, id: CNVD-2019-16607

Trust: 0.6

db: VULHUB, id: VHN-130771

Trust: 0.1

sources: CNVD: CNVD-2019-16607 // VULHUB: VHN-130771 // JVNDB: JVNDB-2018-015522 // CNNVD: CNNVD-201905-1044 // NVD: CVE-2018-20008

REFERENCES

url:https://payatu.com/ibaton-routers-responsible-disclosure/

Trust: 3.1

url:https://www.iball.co.in/category/baton/283

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-20008

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20008

Trust: 0.8

sources: CNVD: CNVD-2019-16607 // VULHUB: VHN-130771 // JVNDB: JVNDB-2018-015522 // CNNVD: CNNVD-201905-1044 // NVD: CVE-2018-20008

SOURCES

db: CNVD, id: CNVD-2019-16607
db: VULHUB, id: VHN-130771
db: JVNDB, id: JVNDB-2018-015522
db: CNNVD, id: CNNVD-201905-1044
db: NVD, id: CVE-2018-20008

LAST UPDATE DATE

2024-11-23T22:44:59.063000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-16607, date: 2019-06-06T00:00:00
db: VULHUB, id: VHN-130771, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-015522, date: 2019-06-11T00:00:00
db: CNNVD, id: CNNVD-201905-1044, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2018-20008, date: 2024-11-21T04:00:44.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-16607, date: 2019-06-06T00:00:00
db: VULHUB, id: VHN-130771, date: 2019-05-28T00:00:00
db: JVNDB, id: JVNDB-2018-015522, date: 2019-06-11T00:00:00
db: CNNVD, id: CNNVD-201905-1044, date: 2019-05-28T00:00:00
db: NVD, id: CVE-2018-20008, date: 2019-05-28T21:29:00.327