Vulnerability CVE-2018-13109


Published: 2018-07-06

Description:
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ADB Authorization Bypass
Johannes Greil
05.07.2018

Type:

CWE-863

(Incorrect Authorization)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Adbglobal -> Dv2210 firmware 
Adbglobal -> Prg av4202n firmware 
Adbglobal -> Vv2220 firmware 
Adbglobal -> Vv5522 firmware 

 References:
http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html
http://seclists.org/fulldisclosure/2018/Jul/18
http://www.securityfocus.com/archive/1/542119/100/0/threaded
https://www.exploit-db.com/exploits/44982/
https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Copyright 2022, cxsecurity.com

 

Back to Top