Details of VAR-201003-0151

ID

VAR-201003-0151

CVE

CVE-2010-0103

TITLE

Energizer DUO USB Battery Charger Unauthorized Access Vulnerability

Trust: 0.9

sources: BID: 38571 // CNNVD: CNNVD-201003-107

DESCRIPTION

UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777. Energizer DUO is a fast USB charger. Energizer DUO has a security vulnerability in its implementation that could allow an attacker to list arbitrary directories, send and receive files, and execute arbitrary code. ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Energizer DUO Charger Software Backdoor Security Issue SECUNIA ADVISORY ID: SA38894 VERIFY ADVISORY: http://secunia.com/advisories/38894/ DESCRIPTION: A security issue has been reported in Energizer DUO Charger Software, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to a backdoor (Arucer.dll) placed in the Windows system32 directory by the installer software. This can be exploited to e.g. NOTE: The backdoor is configured to start automatically on system start. SOLUTION: Uninstall the software and remove "Arucer.dll" from the Windows system32 directory. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Ed Schaller. ORIGINAL ADVISORY: VU#154421: http://www.kb.cert.org/vuls/id/154421 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.24

sources: NVD: CVE-2010-0103 // CERT/CC: VU#154421 // JVNDB: JVNDB-2010-003768 // CNVD: CNVD-2010-3464 // BID: 38571 // PACKETSTORM: 87000

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-3464

AFFECTED PRODUCTS

vendor:	energizer	model:	duo usb	scope:	-	version:	-	Trust: 1.4
vendor:	energizer	model:	duo usb	scope:	eq	version:	*	Trust: 1.0
vendor:	energizer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	energizer	model:	duo	scope:	-	version:	-	Trust: 0.6
vendor:	energizer	model:	duo	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#154421 // CNVD: CNVD-2010-3464 // BID: 38571 // JVNDB: JVNDB-2010-003768 // CNNVD: CNNVD-201003-107 // NVD: CVE-2010-0103

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-0103
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#154421
value:	2.09
Trust: 0.8
NVD:	CVE-2010-0103
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2010-3464
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201003-107
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2010-0103
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2010-3464
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CERT/CC: VU#154421 // CNVD: CNVD-2010-3464 // JVNDB: JVNDB-2010-003768 // CNNVD: CNNVD-201003-107 // NVD: CVE-2010-0103

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2010-003768 // NVD: CVE-2010-0103

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-107

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201003-107

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-003768

PATCH

title:

Top Page

url:

http://www.energizer.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-003768

EXTERNAL IDS

db:	CERT/CC	id:	VU#154421	Trust: 3.6
db:	NVD	id:	CVE-2010-0103	Trust: 3.3
db:	BID	id:	38571	Trust: 2.5
db:	JVNDB	id:	JVNDB-2010-003768	Trust: 0.8
db:	CNVD	id:	CNVD-2010-3464	Trust: 0.6
db:	CNNVD	id:	CNNVD-201003-107	Trust: 0.6
db:	SECUNIA	id:	38894	Trust: 0.2
db:	PACKETSTORM	id:	87000	Trust: 0.1

sources: CERT/CC: VU#154421 // CNVD: CNVD-2010-3464 // BID: 38571 // JVNDB: JVNDB-2010-003768 // PACKETSTORM: 87000 // CNNVD: CNNVD-201003-107 // NVD: CVE-2010-0103

REFERENCES

url:	http://www.kb.cert.org/vuls/id/154421	Trust: 2.8
url:	http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05	Trust: 2.4
url:	http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software	Trust: 2.4
url:	http://www.securityfocus.com/bid/38571	Trust: 1.6
url:	http://www.energizerrecharge.eu/en/range/chargers/usb	Trust: 0.8
url:	http://www.threatexpert.com/report.aspx?md5=3f4f10b927677e45a495d0cdd4390aaf	Trust: 0.8
url:	http://www.energizer.com/usbcharger/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0103	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0103	Trust: 0.8
url:	http://www.securityfocus.com/bid/38571/info	Trust: 0.6
url:	http://www.energizer.com/pages/default.aspx	Trust: 0.3
url:	http://secunia.com/advisories/38894/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#154421 // CNVD: CNVD-2010-3464 // BID: 38571 // JVNDB: JVNDB-2010-003768 // PACKETSTORM: 87000 // CNNVD: CNNVD-201003-107 // NVD: CVE-2010-0103

CREDITS

Ed Schaller

Trust: 0.9

sources: BID: 38571 // CNNVD: CNNVD-201003-107

SOURCES

db:	CERT/CC	id:	VU#154421
db:	CNVD	id:	CNVD-2010-3464
db:	BID	id:	38571
db:	JVNDB	id:	JVNDB-2010-003768
db:	PACKETSTORM	id:	87000
db:	CNNVD	id:	CNNVD-201003-107
db:	NVD	id:	CVE-2010-0103

LAST UPDATE DATE

2025-04-11T23:17:58.737000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#154421	date:	2010-04-15T00:00:00
db:	CNVD	id:	CNVD-2010-3464	date:	2010-03-05T00:00:00
db:	BID	id:	38571	date:	2010-03-18T15:22:00
db:	JVNDB	id:	JVNDB-2010-003768	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201003-107	date:	2010-03-10T00:00:00
db:	NVD	id:	CVE-2010-0103	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#154421	date:	2010-03-05T00:00:00
db:	CNVD	id:	CNVD-2010-3464	date:	2010-03-05T00:00:00
db:	BID	id:	38571	date:	2010-03-05T00:00:00
db:	JVNDB	id:	JVNDB-2010-003768	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	87000	date:	2010-03-08T17:00:32
db:	CNNVD	id:	CNNVD-201003-107	date:	2010-03-10T00:00:00
db:	NVD	id:	CVE-2010-0103	date:	2010-03-10T20:13:02.667