| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Oct 2018 08:14:28 +0200 From: Felix Schallock <fex@...ecurity-net.de> To: fulldisclosure@...lists.org Cc: Felix Schallock <fex@...ecurity-net.de> Subject: [FD] CVEs 2018-7633, 2018-7632, 2018-7631 RCE, DoS and Script Injection vulnerabilities in ADB EpiCentro Firmware 7.3.2+ The following vulnerabilities have been detected in the EpiCentro firmware 7.3.2+ being used on ADB VDSL modem / routers: 1. CVE-2018-7633 Script Injection in ADB EpiCentro 7.3.2+ login form language parameter https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7633> Product: EpiCentro Vendor: ADB Global Tested Version: 7.3.2 CVE ID: 2018-7633 Severity: medium Severity Rating: CVSS v3 Base Score: 5,4 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Impact: Execution of injected Javascript Locally Exploitable: no Remotely Exploitable: Yes Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/ <https://fschallock.wordpress.com/2018/10/08/cve-2018-7633-script-injection-in-the-login-form-language-parameter-of-adb-firmware-epicentro-7-3-2/> 2. CVE-2018-7632 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to a Denial of Service condition https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632> Product: EpiCentro Vendor: ADB Global Tested Version: 7.3.2 CVE ID: 2018-7632 Severity: severe Severity Rating: CVSS v3 Base Score: 7,5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Impact: Denial of Service Locally Exploitable: no Remotely Exploitable: Yes Explanation: https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/ <https://fschallock.wordpress.com/2018/10/08/cve-2018-7632-buffer-overflow-in-httpd-in-epicentro-e_7-3-2-allows-attackers-to-cause-a-denial-of-service-attack-remotely-via-a-specially-crafted-get-request/> 3. CVE-2018- 7631 Buffer Overflow in ADB EpiCentro 7.3.2+ httpd leading to Remote Code Execution (RCE) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7632> Product: EpiCentro Vendor: ADB Global Tested Version: 7.3.2 CVE ID: 2018-7631 Severity: critical Severity Rating: CVSS v3 Base Score: 10,0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Impact: Code Execution Locally Exploitable: no Remotely Exploitable: Yes Explanation: https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/ <https://fschallock.wordpress.com/2018/10/07/cve-2018-7631-rce-in-adb-epicentro-7-3-2-httpd/> The vulnerabilities were discovered and disclosed to the manufacturer ADB and the ISP A1 Telekom Austria prior to general public announcement. In accordance to information received from both parties a fix has been produced and rolled out to all customers / devices. I have not examined the fix and therefore can not comment on its effectivity. Felix _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists