Vulnerability Details : CVE-2018-13109
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
Products affected by CVE-2018-13109
- cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-13109
- EPSS score: 3.86% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-13109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-13109
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-13109
- https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/
  Authorization Bypass in all ADB Broadband Gateways / Routers – SEC Consult (Exploit; Third Party Advisory)
- http://www.securityfocus.com/archive/1/542119/100/0/threaded
  SecurityFocus (Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2018/Jul/18
  Full Disclosure: SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers (Mailing List; Third Party Advisory)
- https://www.exploit-db.com/exploits/44982/
  ADB Broadband Gateways / Routers - Authorization Bypass (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html
  ADB Authorization Bypass ≈ Packet Storm (Third Party Advisory; VDB Entry)