CVE-2018-13109

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:46

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html - Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2018/Jul/18 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2018/Jul/18 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/archive/1/542119/100/0/threaded - Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/542119/100/0/threaded - Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/44982/ - Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/44982/ - Third Party Advisory, VDB Entry
References () https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/ - Exploit, Third Party Advisory () https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/ - Exploit, Third Party Advisory

Information

Published : 2018-07-06 14:29

Updated : 2024-11-21 03:46


NVD link : CVE-2018-13109

Mitre link : CVE-2018-13109

CVE.ORG link : CVE-2018-13109


JSON object : View

Products Affected

adbglobal

  • vv5522_firmware
  • prg_av4202n_firmware
  • dv2210_firmware
  • prg_av4202n
  • vv2220
  • vv5522
  • vv2220_firmware
  • dv2210
CWE
CWE-863

Incorrect Authorization