[<prev] [next>] [day] [month] [year] [list]
Message-Id: <EB878751-5B8C-4F7F-AE50-466B4E802F94@e-security-net.de>
Date: Wed, 24 Oct 2018 08:14:28 +0200
From: Felix Schallock <fex@...ecurity-net.de>
To: fulldisclosure@...lists.org
Cc: Felix Schallock <fex@...ecurity-net.de>
Subject: [FD] CVEs 2018-7633, 2018-7632, 2018-7631 RCE,
DoS and Script Injection vulnerabilities in ADB EpiCentro Firmware
7.3.2+
The following vulnerabilities have been detected in the EpiCentro firmware 7.3.2+ being used on ADB VDSL modem / routers:
1. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633>
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7633
Severity: medium
Severity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Impact: Execution of injected Javascript
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/ <https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/>
2. CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632>
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7632
Severity: severe
Severity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact: Denial of Service
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/ <https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/>
3. CVE-2018- 7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632>
Product: EpiCentro
Vendor: ADB Global
Tested Version: 7.3.2
CVE ID: 2018-7631
Severity: critical
Severity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact: Code Execution
Locally Exploitable: no
Remotely Exploitable: Yes
Explanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/ <https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/>
The vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity.
Felix
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists