CVE-2018-5234

Published: 30/04/2018 Updated: 03/10/2019

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 835

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.

Vulnerable Product	Search on Vulmon	Subscribe to Product
symantec norton_core_firmware

# PoC command injection in BLE service of Norton Core Secure WiFi Router (CVE-2018-5234) For more information read [paper](embedicom/blog/whos-watching-the-watchers-vol-ii-norton-core-secure-wifi-router) To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility (for testing Bluetooth conne ...

PoC exploit for CVE-2018-5234

PoC command injection in BLE service of Norton Core Secure WiFi Router (CVE-2018-5234) For more information read paper To demonstrate the exploitation, we will use: OS GNU/Linux; Bluetooth dongle adapter; BlueZ utility (for testing Bluetooth connection) In order to use the script, we will need to set all dependencies in a advance: $ pip install -r /requirementstxt

NVD-CWE-noinfo https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20180430_00 http://www.securityfocus.com/bid/103955 https://www.exploit-db.com/exploits/44574/https://nvd.nist.gov https://github.com/embedi/ble_norton_core https://www.exploit-db.com/exploits/44574/

CVE-2018-5234

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect