CVE-2018-13110

Published: Jul 6, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.

Affected (4)

Products: Adbglobal: Dv2210 Firmware, Vv2220 Firmware, Vv5522 Firmware, Prg Av4202n Firmware

4 products

Dv2210 Firmware

Vv2220 Firmware

Vv5522 Firmware

Prg Av4202n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Dv2210 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Dv2210	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Vv2220 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Vv2220	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Vv5522 Firmware	All versions

Running on/with	Platform Versions
Adbglobal Vv5522	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adbglobal Prg Av4202n Firmware	All versions

Running on/with	Platform Versions
Adbglobal Prg Av4202n	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (10)

http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jul/19

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/542118/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44984/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jul/19

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://www.securityfocus.com/archive/1/542118/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44984/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.