Published: 06/07/2018 Updated: 03/10/2019

CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 855

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adbglobal dv2210_firmware -
adbglobal vv2220_firmware -
adbglobal vv5522_firmware -
adbglobal prg_av4202n_firmware -

SEC Consult Vulnerability Lab Security Advisory < 20180704-2 > ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers (based on Epicentro platform) vulnerable version: Hardware: ADB PRG AV4202N, DV2210, VV2220, VV5522, etc ...

An attacker with standard / low access rights within the web GUI is able to gain access to the CLI (if it has been previously disabled by the configuration) and escalate his privileges Depending on the CLI features it is possible to extract the whole configuration and manipulate settings or gain access to debug features of the device, eg via "de ...

CWE-732 https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/http://seclists.org/fulldisclosure/2018/Jul/19 http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html https://www.exploit-db.com/exploits/44984/http://www.securityfocus.com/archive/1/542118/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/44984/

CVE-2018-13110

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect