CVE-2021-31505

This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSH service. The device can be booted into a special operation mode where hard-coded credentials are accepted for SSH authentication. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-12890.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.2 HIGH

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-683/	Third Party Advisory VDB Entry
https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-683/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:arlo:q_plus_firmware:1.9.0.3_278:*:*:*:*:*:*:*

cpe:2.3:h:arlo:q_plus:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:05

Type	Values Removed	Values Added
References	~~() https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation - Vendor Advisory~~	() https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation - Vendor Advisory
References	~~() https://www.zerodayinitiative.com/advisories/ZDI-21-683/ - Third Party Advisory, VDB Entry~~	() https://www.zerodayinitiative.com/advisories/ZDI-21-683/ - Third Party Advisory, VDB Entry

07 Jul 2021, 17:42

Type	Values Removed	Values Added
CWE		CWE-798
References	~~(MISC) https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation -~~	(MISC) https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation - Vendor Advisory
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-683/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-21-683/ - Third Party Advisory, VDB Entry
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.8
CPE		cpe:2.3:o:arlo:q_plus_firmware:1.9.0.3_278:::::::* cpe:2.3:h:arlo:q_plus:-:::::::*

29 Jun 2021, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-06-29 15:15

Updated : 2024-11-21 06:05

NVD link : CVE-2021-31505

Mitre link : CVE-2021-31505

CVE.ORG link : CVE-2021-31505

JSON object : View

Products Affected

arlo

q_plus
q_plus_firmware

CWE

CWE-798

Use of Hard-coded Credentials

6.8 /10