ID

VAR-201802-1227


CVE

CVE-2018-5767


TITLE

Tenda AC15 Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-002267 // CNNVD: CNNVD-201802-893

DESCRIPTION

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Tenda AC15 contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Tenda AC15 is a wireless router product from Tenda.

** Advisory Information
Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router
Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Vendor: Tenda
Date Published: 14/02/2018
CVE: CVE-2018-5767

** Vulnerability Summary
The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf.

** Vendor Response
Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offsets have been redacted from the post to prevent point and click exploitation.

** Report Timeline
Vulnerability discovered and first reported - 14/1/2018
Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018
CVEs assigned by Mitre.org - 19/1/2018
Livechat attempt to contact vendor - 19/1/2018
Another attempt to contact vendor - 23/1/2018
Further attempt to contact vendor, confirming 5 CVEs had been assigned to their product - 31/1/2018
Final contact attempted & warning of public disclosure - 8/2/2018
Public disclosure - 14/2/2018

** Credit
This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team.

** References
https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/

** Disclaimer
This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/

Trust: 2.43

sources: NVD: CVE-2018-5767 // JVNDB: JVNDB-2018-002267 // CNVD: CNVD-2018-07423 // VULHUB: VHN-135799 // VULMON: CVE-2018-5767 // PACKETSTORM: 146424

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-07423

AFFECTED PRODUCTS

vendor: tendacn, model: ac15, scope: eq, version: 15.03.1.16

Trust: 1.6

vendor: tenda, model: ac15, scope: eq, version: 15.03.1.16

Trust: 0.8

vendor: tenda, model: ac15 router, scope: eq, version: v15.03.1.16

Trust: 0.6

sources: CNVD: CNVD-2018-07423 // JVNDB: JVNDB-2018-002267 // CNNVD: CNNVD-201802-893 // NVD: CVE-2018-5767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5767
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5767
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-07423
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201802-893
value: HIGH

Trust: 0.6

VULHUB: VHN-135799
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5767
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5767
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-07423
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135799
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5767
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-07423 // VULHUB: VHN-135799 // VULMON: CVE-2018-5767 // JVNDB: JVNDB-2018-002267 // CNNVD: CNNVD-201802-893 // NVD: CVE-2018-5767

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-135799 // JVNDB: JVNDB-2018-002267 // NVD: CVE-2018-5767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-893

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201802-893

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002267

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-135799 // VULMON: CVE-2018-5767

PATCH

title: AC15, url: http://tendacn.com/en/product/AC15.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-002267

EXTERNAL IDS

db: NVD, id: CVE-2018-5767

Trust: 3.3

db: EXPLOIT-DB, id: 44253

Trust: 1.8

db: JVNDB, id: JVNDB-2018-002267

Trust: 0.8

db: CNNVD, id: CNNVD-201802-893

Trust: 0.7

db: CNVD, id: CNVD-2018-07423

Trust: 0.6

db: PACKETSTORM, id: 146424

Trust: 0.2

db: SEEBUG, id: SSVID-97161

Trust: 0.1

db: VULHUB, id: VHN-135799

Trust: 0.1

db: VULMON, id: CVE-2018-5767

Trust: 0.1

sources: CNVD: CNVD-2018-07423 // VULHUB: VHN-135799 // VULMON: CVE-2018-5767 // JVNDB: JVNDB-2018-002267 // PACKETSTORM: 146424 // CNNVD: CNNVD-201802-893 // NVD: CVE-2018-5767

REFERENCES

url:https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/

Trust: 3.3

url:https://www.exploit-db.com/exploits/44253/

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2018-5767

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5767

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://creativecommons.org/licenses/by-nc-sa/3.0/

Trust: 0.1

sources: CNVD: CNVD-2018-07423 // VULHUB: VHN-135799 // VULMON: CVE-2018-5767 // JVNDB: JVNDB-2018-002267 // PACKETSTORM: 146424 // CNNVD: CNNVD-201802-893 // NVD: CVE-2018-5767

CREDITS

Tim Carrington

Trust: 0.1

sources: PACKETSTORM: 146424

SOURCES

db: CNVD, id: CNVD-2018-07423
db: VULHUB, id: VHN-135799
db: VULMON, id: CVE-2018-5767
db: JVNDB, id: JVNDB-2018-002267
db: PACKETSTORM, id: 146424
db: CNNVD, id: CNNVD-201802-893
db: NVD, id: CVE-2018-5767

LAST UPDATE DATE

2024-11-23T23:12:14.471000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-07423, date: 2018-04-11T00:00:00
db: VULHUB, id: VHN-135799, date: 2018-03-15T00:00:00
db: VULMON, id: CVE-2018-5767, date: 2018-03-15T00:00:00
db: JVNDB, id: JVNDB-2018-002267, date: 2018-04-05T00:00:00
db: CNNVD, id: CNNVD-201802-893, date: 2018-04-26T00:00:00
db: NVD, id: CVE-2018-5767, date: 2024-11-21T04:09:21.460

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-07423, date: 2018-04-11T00:00:00
db: VULHUB, id: VHN-135799, date: 2018-02-15T00:00:00
db: VULMON, id: CVE-2018-5767, date: 2018-02-15T00:00:00
db: JVNDB, id: JVNDB-2018-002267, date: 2018-04-05T00:00:00
db: PACKETSTORM, id: 146424, date: 2018-02-16T18:32:22
db: CNNVD, id: CNNVD-201802-893, date: 2018-02-15T00:00:00
db: NVD, id: CVE-2018-5767, date: 2018-02-15T23:29:00.513