Sign-up

ID

VAR-201705-3846


CVE

CVE-2017-9138


TITLE

plural Tenda Router debug interface buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004377

DESCRIPTION

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. plural Tenda Router (FH1202/F1202/F1200) Debug interface contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A security bypass vulnerability exists in the TendaFH1202, F1202, and F1200 routers using firmware prior to 1.2.0.20

Trust: 2.25

sources: NVD: CVE-2017-9138 // JVNDB: JVNDB-2017-004377 // CNVD: CNVD-2017-07749 // VULHUB: VHN-117341

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07749

AFFECTED PRODUCTS

vendor:tendacnmodel:f1202scope:lteversion:1.2.0.19

Trust: 1.0

vendor:tendacnmodel:f1200scope:lteversion:1.2.0.19

Trust: 1.0

vendor:tendacnmodel:fh1202scope:lteversion:1.2.0.19

Trust: 1.0

vendor:tendamodel:f1200scope:ltversion:1.2.0.20

Trust: 0.8

vendor:tendamodel:f1202scope:ltversion:1.2.0.20

Trust: 0.8

vendor:tendamodel:fh1202scope:ltversion:1.2.0.20

Trust: 0.8

vendor: - model:tenda technology co.,ltd. f1200scope:ltversion:1.2.0.20

Trust: 0.6

vendor: - model:tenda technology co.,ltd. f1202scope:ltversion:1.2.0.20

Trust: 0.6

vendor: - model:tenda technology co.,ltd. fh1202scope:ltversion:1.2.0.20

Trust: 0.6

vendor:tendacnmodel:fh1202scope:eqversion:1.2.0.19

Trust: 0.6

vendor:tendacnmodel:f1202scope:eqversion:1.2.0.19

Trust: 0.6

vendor:tendacnmodel:f1200scope:eqversion:1.2.0.19

Trust: 0.6

sources: CNVD: CNVD-2017-07749 // JVNDB: JVNDB-2017-004377 // CNNVD: CNNVD-201705-916 // NVD: CVE-2017-9138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9138
value: HIGH

Trust: 1.0

NVD: CVE-2017-9138
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07749
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-916
value: HIGH

Trust: 0.6

VULHUB: VHN-117341
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9138
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07749
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117341
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9138
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07749 // VULHUB: VHN-117341 // JVNDB: JVNDB-2017-004377 // CNNVD: CNNVD-201705-916 // NVD: CVE-2017-9138

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-117341 // JVNDB: JVNDB-2017-004377 // NVD: CVE-2017-9138

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201705-916

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-916

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004377

PATCH
title:Overview-Tenda-All For Better NetWorkingurl:http://www.tendacn.com/en/2017.html
Trust: 0.8
title:TendaFH1202/F1202 and F1200 router security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/94527
Trust: 0.6
title:Tenda FH1202 , F1202  and F1200 Repair measures for router security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70408
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07749 // 
            
            
            
            JVNDB: JVNDB-2017-004377 // 
            
            
            
            CNNVD: CNNVD-201705-916

EXTERNAL IDS
db:NVDid:CVE-2017-9138
Trust: 3.1
db:JVNDBid:JVNDB-2017-004377
Trust: 0.8
db:CNNVDid:CNNVD-201705-916
Trust: 0.7
db:CNVDid:CNVD-2017-07749
Trust: 0.6
db:VULHUBid:VHN-117341
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07749 // 
            
            
            
            VULHUB: VHN-117341 // 
            
            
            
            JVNDB: JVNDB-2017-004377 // 
            
            
            
            CNNVD: CNNVD-201705-916 // 
            
            
            
            NVD: CVE-2017-9138

REFERENCES
url:http://www.tendacn.com/en/2017.html
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9138
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9138
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-07749 // 
            
            
            
            VULHUB: VHN-117341 // 
            
            
            
            JVNDB: JVNDB-2017-004377 // 
            
            
            
            CNNVD: CNNVD-201705-916 // 
            
            
            
            NVD: CVE-2017-9138

SOURCES
db:CNVDid:CNVD-2017-07749
db:VULHUBid:VHN-117341
db:JVNDBid:JVNDB-2017-004377
db:CNNVDid:CNNVD-201705-916
db:NVDid:CVE-2017-9138

LAST UPDATE DATE
2024-11-23T23:02:28.578000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07749date:2017-05-31T00:00:00
db:VULHUBid:VHN-117341date:2017-06-02T00:00:00
db:JVNDBid:JVNDB-2017-004377date:2017-06-23T00:00:00
db:CNNVDid:CNNVD-201705-916date:2017-05-22T00:00:00
db:NVDid:CVE-2017-9138date:2024-11-21T03:35:24.573

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07749date:2017-05-31T00:00:00
db:VULHUBid:VHN-117341date:2017-05-21T00:00:00
db:JVNDBid:JVNDB-2017-004377date:2017-06-23T00:00:00
db:CNNVDid:CNNVD-201705-916date:2017-05-22T00:00:00
db:NVDid:CVE-2017-9138date:2017-05-21T22:29:00.180