Vulnerability CVE-2018-13109

Vulnerability CVE-2018-13109

Published: 2018-07-06

Description:

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	ADB Authorization Bypass	Johannes Greil	05.07.2018

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Adbglobal -> Dv2210 firmware
Adbglobal -> Prg av4202n firmware
Adbglobal -> Vv2220 firmware
Adbglobal -> Vv5522 firmware

References:

http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

http://seclists.org/fulldisclosure/2018/Jul/18

http://www.securityfocus.com/archive/1/542119/100/0/threaded

https://www.exploit-db.com/exploits/44982/

https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Copyright 2024, cxsecurity.com