CVE-2018-13109

Published: 06/07/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

Vulnerable Product

adbglobal dv2210_firmware -

adbglobal vv2220_firmware -

adbglobal vv5522_firmware -

adbglobal prg_av4202n_firmware -

Exploits

SEC Consult Vulnerability Lab Security Advisory < 20180704-1 >
=======================================================================
title: Authorization Bypass
product: All ADB Broadband Gateways / Routers (based on Epicentro platform)
vulnerable version: Hardware: ADB PRG AV4202N, DV2210, VV2220, VV5522, etc
fixed version: see "Solution ...
Depending on the firmware version/feature-set of the ISP deploying the ADB device, a standard user account may not have all settings enabled within the web GUI. An authenticated attacker is able to bypass those restrictions by adding a second slash in front of the forbidden entry of the path in the URL. It is possible to access forbidden entries wi ...

Mailing Lists

Full Disclosure mailing list archives

SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers ...