Details of VAR-201802-0965

ID

VAR-201802-0965

CVE

CVE-2018-7034

TITLE

plural TRENDnet Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-002279

DESCRIPTION

TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. TRENDnet TEW-751DR , TEW-752DRU ,and TEW733GR The device contains an input validation vulnerability.Information may be obtained. TEW-751DR\\TEW-752DRU\\TEW-733GR is a router product of TrendNET Trends. An information disclosure vulnerability exists in the TrendNET router device. An attacker can exploit the vulnerability to obtain the admin user password without logging in. Input validation vulnerabilities exist in TRENDnet TEW-751DR version 1.03B03, TEW-752DRU version 1.03B01, and TEW733GR version 1.03B01

Trust: 2.25

sources: NVD: CVE-2018-7034 // JVNDB: JVNDB-2018-002279 // CNVD: CNVD-2018-03473 // VULHUB: VHN-137066

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-03473

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-751dr	scope:	eq	version:	1.03b03	Trust: 2.4
vendor:	trendnet	model:	tew-752dru	scope:	eq	version:	1.03b01	Trust: 2.4
vendor:	trendnet	model:	tew733gr	scope:	eq	version:	1.03b01	Trust: 2.4
vendor:	trendnet	model:	tew-752dru	scope:	-	version:	-	Trust: 0.6
vendor:	trendnet	model:	tew733gr	scope:	-	version:	-	Trust: 0.6
vendor:	trendnet	model:	tew-751dr	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-03473 // JVNDB: JVNDB-2018-002279 // CNNVD: CNNVD-201802-918 // NVD: CVE-2018-7034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7034
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7034
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-03473
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201802-918
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137066
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7034
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-03473
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137066
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7034
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-03473 // VULHUB: VHN-137066 // JVNDB: JVNDB-2018-002279 // CNNVD: CNNVD-201802-918 // NVD: CVE-2018-7034

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-137066 // JVNDB: JVNDB-2018-002279 // NVD: CVE-2018-7034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-918

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201802-918

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002279

PATCH

title:	Top Page	url:	http://www.trendnet.com/home	Trust: 0.8
title:	TrendNET Router Device Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/119075	Trust: 0.6

sources: CNVD: CNVD-2018-03473 // JVNDB: JVNDB-2018-002279

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7034	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-002279	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-918	Trust: 0.7
db:	SEEBUG	id:	SSVID-97132	Trust: 0.6
db:	CNVD	id:	CNVD-2018-03473	Trust: 0.6
db:	VULHUB	id:	VHN-137066	Trust: 0.1

sources: CNVD: CNVD-2018-03473 // VULHUB: VHN-137066 // JVNDB: JVNDB-2018-002279 // CNNVD: CNNVD-201802-918 // NVD: CVE-2018-7034

REFERENCES

url:	https://blogs.securiteam.com/index.php/archives/3627	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7034	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7034	Trust: 0.8
url:	https://www.seebug.org/vuldb/ssvid-97132	Trust: 0.6

sources: CNVD: CNVD-2018-03473 // VULHUB: VHN-137066 // JVNDB: JVNDB-2018-002279 // CNNVD: CNNVD-201802-918 // NVD: CVE-2018-7034

SOURCES

db:	CNVD	id:	CNVD-2018-03473
db:	VULHUB	id:	VHN-137066
db:	JVNDB	id:	JVNDB-2018-002279
db:	CNNVD	id:	CNNVD-201802-918
db:	NVD	id:	CVE-2018-7034

LAST UPDATE DATE

2024-08-14T15:18:28.514000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-03473	date:	2018-03-05T00:00:00
db:	VULHUB	id:	VHN-137066	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-002279	date:	2018-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201802-918	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-7034	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-03473	date:	2018-04-09T00:00:00
db:	VULHUB	id:	VHN-137066	date:	2018-02-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-002279	date:	2018-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201802-918	date:	2018-02-14T00:00:00
db:	NVD	id:	CVE-2018-7034	date:	2018-02-14T16:29:00.217