Sign-up

ID

VAR-201705-1398


CVE

CVE-2016-10372


TITLE

Eir D1000 Modem vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2016-008586

DESCRIPTION

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. Eir D1000 Modems have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Eir D1000 is a modem of Eir company in Ireland. There is a security flaw in the Eir D1000 modem, which is caused by the program not properly restricting the TR-064 protocol

Trust: 1.71

sources: NVD: CVE-2016-10372 // JVNDB: JVNDB-2016-008586 // VULHUB: VHN-89142

AFFECTED PRODUCTS

vendor:eirmodel:d1000 modemscope:eqversion: -

Trust: 1.6

vendor:zyxelmodel:eir d1000 modemscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2016-008586 // CNNVD: CNNVD-201705-766 // NVD: CVE-2016-10372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10372
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10372
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201705-766
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89142
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10372
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89142
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10372
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89142 // JVNDB: JVNDB-2016-008586 // CNNVD: CNNVD-201705-766 // NVD: CVE-2016-10372

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-89142 // JVNDB: JVNDB-2016-008586 // NVD: CVE-2016-10372

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-766

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201705-766

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008586

PATCH
title:eir D1000 modemurl:http://support.eir.ie/assets/static/images/support/responsive/download/d1000-eir.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008586

EXTERNAL IDS
db:NVDid:CVE-2016-10372
Trust: 2.5
db:JVNDBid:JVNDB-2016-008586
Trust: 0.8
db:CNNVDid:CNNVD-201705-766
Trust: 0.7
db:VULHUBid:VHN-89142
Trust: 0.1
sources:
            
            
            VULHUB: VHN-89142 // 
            
            
            
            JVNDB: JVNDB-2016-008586 // 
            
            
            
            CNNVD: CNNVD-201705-766 // 
            
            
            
            NVD: CVE-2016-10372

REFERENCES
url:https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
Trust: 2.5
url:https://isc.sans.edu/forums/diary/tr069+newntpserver+exploits+what+we+know+so+far/21763/
Trust: 1.7
url:https://ghostbin.com/paste/q2vq2
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10372
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-10372
Trust: 0.8
sources:
            
            
            VULHUB: VHN-89142 // 
            
            
            
            JVNDB: JVNDB-2016-008586 // 
            
            
            
            CNNVD: CNNVD-201705-766 // 
            
            
            
            NVD: CVE-2016-10372

SOURCES
db:VULHUBid:VHN-89142
db:JVNDBid:JVNDB-2016-008586
db:CNNVDid:CNNVD-201705-766
db:NVDid:CVE-2016-10372

LAST UPDATE DATE
2024-08-14T13:46:51.270000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-89142date:2017-12-19T00:00:00
db:JVNDBid:JVNDB-2016-008586date:2017-06-16T00:00:00
db:CNNVDid:CNNVD-201705-766date:2017-05-17T00:00:00
db:NVDid:CVE-2016-10372date:2017-12-19T02:29:40.863

SOURCES RELEASE DATE
db:VULHUBid:VHN-89142date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2016-008586date:2017-06-16T00:00:00
db:CNNVDid:CNNVD-201705-766date:2017-05-17T00:00:00
db:NVDid:CVE-2016-10372date:2017-05-16T14:29:02.010