Sign-up

ID

VAR-201906-0731


CVE

CVE-2017-13718


TITLE

Starry Station Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-014506

DESCRIPTION

The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device. Starry Station ( alias Starry Router) Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Starry Station is a wireless router produced by American Starry Company. An authorization issue vulnerability exists in the HTTP API in Starry Station. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.8

sources: NVD: CVE-2017-13718 // JVNDB: JVNDB-2017-014506 // VULHUB: VHN-104368 // VULMON: CVE-2017-13718

AFFECTED PRODUCTS

vendor:starrymodel:s00111scope:eqversion: -

Trust: 1.0

vendor:starrymodel:s00111scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014506 // NVD: CVE-2017-13718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13718
value: HIGH

Trust: 1.0

NVD: CVE-2017-13718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-1163
value: HIGH

Trust: 0.6

VULHUB: VHN-104368
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-13718
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13718
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-104368
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-13718
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-104368 // VULMON: CVE-2017-13718 // JVNDB: JVNDB-2017-014506 // CNNVD: CNNVD-201708-1163 // NVD: CVE-2017-13718

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-104368 // JVNDB: JVNDB-2017-014506 // NVD: CVE-2017-13718

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1163

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201708-1163

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014506

PATCH
title:Top Pageurl:https://starry.com
Trust: 0.8
title:IoT_vulnerabilitiesurl:https://github.com/ethanhunnt/IoT_vulnerabilities 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-13718 // 
            
            
            
            JVNDB: JVNDB-2017-014506

EXTERNAL IDS
db:NVDid:CVE-2017-13718
Trust: 2.7
db:PACKETSTORMid:153240
Trust: 1.9
db:JVNDBid:JVNDB-2017-014506
Trust: 0.8
db:CNNVDid:CNNVD-201708-1163
Trust: 0.7
db:VULHUBid:VHN-104368
Trust: 0.1
db:VULMONid:CVE-2017-13718
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104368 // 
            
            
            
            VULMON: CVE-2017-13718 // 
            
            
            
            JVNDB: JVNDB-2017-014506 // 
            
            
            
            PACKETSTORM: 153240 // 
            
            
            
            CNNVD: CNNVD-201708-1163 // 
            
            
            
            NVD: CVE-2017-13718

REFERENCES
url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/starry_sec_issues.pdf
Trust: 2.6
url:https://seclists.org/bugtraq/2019/jun/8
Trust: 1.8
url:http://packetstormsecurity.com/files/153240/starry-router-camera-pin-brute-force-cors-incorrect.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-13718
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13718
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/254.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ethanhunnt/iot_vulnerabilities
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-13717
Trust: 0.1
sources:
            
            
            VULHUB: VHN-104368 // 
            
            
            
            VULMON: CVE-2017-13718 // 
            
            
            
            JVNDB: JVNDB-2017-014506 // 
            
            
            
            PACKETSTORM: 153240 // 
            
            
            
            CNNVD: CNNVD-201708-1163 // 
            
            
            
            NVD: CVE-2017-13718

CREDITS
Mandar Satam
Trust: 0.1
sources:
            
            
            PACKETSTORM: 153240

SOURCES
db:VULHUBid:VHN-104368
db:VULMONid:CVE-2017-13718
db:JVNDBid:JVNDB-2017-014506
db:PACKETSTORMid:153240
db:CNNVDid:CNNVD-201708-1163
db:NVDid:CVE-2017-13718

LAST UPDATE DATE
2024-11-23T22:25:55.033000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-104368date:2019-06-11T00:00:00
db:VULMONid:CVE-2017-13718date:2019-06-11T00:00:00
db:JVNDBid:JVNDB-2017-014506date:2019-06-19T00:00:00
db:CNNVDid:CNNVD-201708-1163date:2019-06-12T00:00:00
db:NVDid:CVE-2017-13718date:2024-11-21T03:11:30.210

SOURCES RELEASE DATE
db:VULHUBid:VHN-104368date:2019-06-10T00:00:00
db:VULMONid:CVE-2017-13718date:2019-06-10T00:00:00
db:JVNDBid:JVNDB-2017-014506date:2019-06-19T00:00:00
db:PACKETSTORMid:153240date:2019-06-07T15:06:02
db:CNNVDid:CNNVD-201708-1163date:2017-08-29T00:00:00
db:NVDid:CVE-2017-13718date:2019-06-10T22:29:00.327