CVE-2018-20512

Published: Jan 3, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

Affected (1)

Products: Cdatatec: Epon Cpe Wifi Devices Firmware

1 product

Epon Cpe Wifi Devices Firmware

Configuration A

1 vulnerable · 21 platform

Vulnerable Software	Affected Versions
Cdatatec Epon Cpe Wifi Devices Firmware	Version 2.0.4-x000

Running on/with	Platform Versions
Cdatatec Fd108bn	All versions
Cdatatec Fd111hz	All versions
Cdatatec Fd111y	All versions
Cdatatec Fd114y	All versions
Cdatatec Fd212gw	All versions
Cdatatec Fd212h	All versions
Cdatatec Fd214gh	All versions
Cdatatec Fd214gw	All versions
Cdatatec Fd404gh	All versions
Cdatatec Fd404gw	All versions
Cdatatec Fd600 104	All versions
Cdatatec Fd600 104g	All versions
Cdatatec Fd600 108f Hz500	All versions
Cdatatec Fd600 111g	All versions
Cdatatec Fd600 111gw	All versions
Cdatatec Fd600 301	All versions
Cdatatec Fd600 301gw	All versions
Cdatatec Fd600 304	All versions
Cdatatec Fd600 304ga Hr500	All versions
Cdatatec Fd600 304ga Hr511	All versions
Cdatatec Fd600 521g	All versions

Related CWEs

Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

References (2)

https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.