ID

VAR-201906-0730


CVE

CVE-2017-13717


TITLE

Starry Station Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-014507

DESCRIPTION

Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver, brute force the credentials, and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily. Starry Station (alias Starry Router) contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2017-13717 // JVNDB: JVNDB-2017-014507 // VULHUB: VHN-104367 // VULMON: CVE-2017-13717

AFFECTED PRODUCTS

vendor: starry, model: s00111, scope: eq, version: -

Trust: 1.0

vendor: starry, model: s00111, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014507 // NVD: CVE-2017-13717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13717
value: HIGH

Trust: 1.0

NVD: CVE-2017-13717
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-1164
value: HIGH

Trust: 0.6

VULHUB: VHN-104367
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-13717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13717
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-104367
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13717
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104367 // VULMON: CVE-2017-13717 // JVNDB: JVNDB-2017-014507 // CNNVD: CNNVD-201708-1164 // NVD: CVE-2017-13717

PROBLEMTYPE DATA

problemtype: CWE-255

Trust: 1.9

sources: VULHUB: VHN-104367 // JVNDB: JVNDB-2017-014507 // NVD: CVE-2017-13717

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1164

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201708-1164

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014507

PATCH

title: Top Page, url: https://starry.com

Trust: 0.8

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-13717 // JVNDB: JVNDB-2017-014507

EXTERNAL IDS

db: NVD, id: CVE-2017-13717

Trust: 2.7

db: PACKETSTORM, id: 153240

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014507

Trust: 0.8

db: CNNVD, id: CNNVD-201708-1164

Trust: 0.7

db: VULHUB, id: VHN-104367

Trust: 0.1

db: VULMON, id: CVE-2017-13717

Trust: 0.1

sources: VULHUB: VHN-104367 // VULMON: CVE-2017-13717 // JVNDB: JVNDB-2017-014507 // PACKETSTORM: 153240 // CNNVD: CNNVD-201708-1164 // NVD: CVE-2017-13717

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/starry_sec_issues.pdf

Trust: 2.6

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:http://packetstormsecurity.com/files/153240/starry-router-camera-pin-brute-force-cors-incorrect.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-13717

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13717

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/255.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-13718

Trust: 0.1

sources: VULHUB: VHN-104367 // VULMON: CVE-2017-13717 // JVNDB: JVNDB-2017-014507 // PACKETSTORM: 153240 // CNNVD: CNNVD-201708-1164 // NVD: CVE-2017-13717

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153240

SOURCES

db: VULHUB, id: VHN-104367
db: VULMON, id: CVE-2017-13717
db: JVNDB, id: JVNDB-2017-014507
db: PACKETSTORM, id: 153240
db: CNNVD, id: CNNVD-201708-1164
db: NVD, id: CVE-2017-13717

LAST UPDATE DATE

2024-11-23T22:25:55.002000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-104367, date: 2019-06-11T00:00:00
db: VULMON, id: CVE-2017-13717, date: 2019-06-11T00:00:00
db: JVNDB, id: JVNDB-2017-014507, date: 2019-06-19T00:00:00
db: CNNVD, id: CNNVD-201708-1164, date: 2019-06-12T00:00:00
db: NVD, id: CVE-2017-13717, date: 2024-11-21T03:11:30.050

SOURCES RELEASE DATE

db: VULHUB, id: VHN-104367, date: 2019-06-10T00:00:00
db: VULMON, id: CVE-2017-13717, date: 2019-06-10T00:00:00
db: JVNDB, id: JVNDB-2017-014507, date: 2019-06-19T00:00:00
db: PACKETSTORM, id: 153240, date: 2019-06-07T15:06:02
db: CNNVD, id: CNNVD-201708-1164, date: 2017-08-29T00:00:00
db: NVD, id: CVE-2017-13717, date: 2019-06-10T22:29:00.263