Sign-up

ID

VAR-201803-2168


CVE

CVE-2018-5770


TITLE

Tenda AC15 Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-003318

DESCRIPTION

An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. Tenda AC15 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC15 is a wireless router product from Tenda

Trust: 2.34

sources: NVD: CVE-2018-5770 // JVNDB: JVNDB-2018-003318 // CNVD: CNVD-2018-05960 // VULHUB: VHN-135802 // VULMON: CVE-2018-5770

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05960

AFFECTED PRODUCTS

vendor:tendacnmodel:ac15scope:eqversion: -

Trust: 1.6

vendor:tendamodel:ac15scope: - version: -

Trust: 0.8

vendor: - model:tenda technology co.,ltd. ac15scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-05960 // JVNDB: JVNDB-2018-003318 // CNNVD: CNNVD-201803-714 // NVD: CVE-2018-5770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5770
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5770
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-05960
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-714
value: CRITICAL

Trust: 0.6

VULHUB: VHN-135802
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5770
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5770
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05960
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135802
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5770
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05960 // VULHUB: VHN-135802 // VULMON: CVE-2018-5770 // JVNDB: JVNDB-2018-003318 // CNNVD: CNNVD-201803-714 // NVD: CVE-2018-5770

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-135802 // JVNDB: JVNDB-2018-003318 // NVD: CVE-2018-5770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-714

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-714

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003318

PATCH
title:Top Pageurl:http://www.tendacn.com/en/default.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003318

EXTERNAL IDS
db:NVDid:CVE-2018-5770
Trust: 3.2
db:JVNDBid:JVNDB-2018-003318
Trust: 0.8
db:CNVDid:CNVD-2018-05960
Trust: 0.6
db:CNNVDid:CNNVD-201803-714
Trust: 0.6
db:VULHUBid:VHN-135802
Trust: 0.1
db:VULMONid:CVE-2018-5770
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05960 // 
            
            
            
            VULHUB: VHN-135802 // 
            
            
            
            VULMON: CVE-2018-5770 // 
            
            
            
            JVNDB: JVNDB-2018-003318 // 
            
            
            
            CNNVD: CNNVD-201803-714 // 
            
            
            
            NVD: CVE-2018-5770

REFERENCES
url:https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770/
Trust: 3.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5770
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5770
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/1188.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05960 // 
            
            
            
            VULHUB: VHN-135802 // 
            
            
            
            VULMON: CVE-2018-5770 // 
            
            
            
            JVNDB: JVNDB-2018-003318 // 
            
            
            
            CNNVD: CNNVD-201803-714 // 
            
            
            
            NVD: CVE-2018-5770

SOURCES
db:CNVDid:CNVD-2018-05960
db:VULHUBid:VHN-135802
db:VULMONid:CVE-2018-5770
db:JVNDBid:JVNDB-2018-003318
db:CNNVDid:CNNVD-201803-714
db:NVDid:CVE-2018-5770

LAST UPDATE DATE
2024-11-23T22:00:38.711000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05960date:2018-03-22T00:00:00
db:VULHUBid:VHN-135802date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-5770date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-003318date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-714date:2019-10-23T00:00:00
db:NVDid:CVE-2018-5770date:2024-11-21T04:09:21.773

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05960date:2018-03-22T00:00:00
db:VULHUBid:VHN-135802date:2018-03-20T00:00:00
db:VULMONid:CVE-2018-5770date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003318date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-714date:2018-03-21T00:00:00
db:NVDid:CVE-2018-5770date:2018-03-20T15:29:00.657