CVE-2018-13109

Published: Jul 6, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

Affected (4)

Products: Adbglobal: Dv2210 Firmware, Vv2220 Firmware, Vv5522 Firmware, Prg Av4202n Firmware

4 products

Dv2210 Firmware

Vv2220 Firmware

Vv5522 Firmware

Prg Av4202n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Dv2210 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Dv2210	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Vv2220 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Vv2220	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Vv5522 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Vv5522	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Prg Av4202n Firmware	All versions

Running on/with	Platform Versions
Adbglobal Prg Av4202n	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (10)

http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jul/18

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/542119/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44982/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jul/18

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/542119/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44982/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.