Sign-up

ID

VAR-201805-0554


CVE

CVE-2018-11094


TITLE

Intelbras NCLOUD 300 Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-005221

DESCRIPTION

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. Intelbras NCLOUD 300 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasNCLOUD300 is a wireless router device from Intelbras, Brazil. A security vulnerability exists in IntelbrasNCLOUD 3001.0, which is caused by a program that fails to require authentication. An attacker can use the vulnerability to obtain sensitive information (such as username, password, and other details) or cause it by sending a request to /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings Denial of service (restart), open or close the VPN

Trust: 2.34

sources: NVD: CVE-2018-11094 // JVNDB: JVNDB-2018-005221 // CNVD: CNVD-2018-09824 // VULHUB: VHN-120919 // VULMON: CVE-2018-11094

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09824

AFFECTED PRODUCTS

vendor:intelbrasmodel:ncloud 300scope:eqversion:1.0

Trust: 2.4

vendor:intelbrasmodel:ncloudscope:eqversion:3001.0

Trust: 0.6

sources: CNVD: CNVD-2018-09824 // JVNDB: JVNDB-2018-005221 // CNNVD: CNNVD-201805-454 // NVD: CVE-2018-11094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11094
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11094
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-09824
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-454
value: CRITICAL

Trust: 0.6

VULHUB: VHN-120919
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11094
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11094
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-09824
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-120919
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11094
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09824 // VULHUB: VHN-120919 // VULMON: CVE-2018-11094 // JVNDB: JVNDB-2018-005221 // CNNVD: CNNVD-201805-454 // NVD: CVE-2018-11094

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-120919 // JVNDB: JVNDB-2018-005221 // NVD: CVE-2018-11094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-454

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005221

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-120919 // 
            
            
            
            VULMON: CVE-2018-11094

PATCH
title:NCLOUDurl:http://www.intelbras.com.br/empresarial/wi-fi/para-sua-casa/roteadores/ncloud
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005221

EXTERNAL IDS
db:NVDid:CVE-2018-11094
Trust: 3.2
db:EXPLOIT-DBid:44637
Trust: 1.2
db:JVNDBid:JVNDB-2018-005221
Trust: 0.8
db:CNVDid:CNVD-2018-09824
Trust: 0.6
db:CNNVDid:CNNVD-201805-454
Trust: 0.6
db:PACKETSTORMid:147682
Trust: 0.1
db:VULHUBid:VHN-120919
Trust: 0.1
db:VULMONid:CVE-2018-11094
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09824 // 
            
            
            
            VULHUB: VHN-120919 // 
            
            
            
            VULMON: CVE-2018-11094 // 
            
            
            
            JVNDB: JVNDB-2018-005221 // 
            
            
            
            CNNVD: CNNVD-201805-454 // 
            
            
            
            NVD: CVE-2018-11094

REFERENCES
url:https://blog.kos-lab.com/hello-world/
Trust: 3.2
url:https://www.exploit-db.com/exploits/44637/
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11094
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11094
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09824 // 
            
            
            
            VULHUB: VHN-120919 // 
            
            
            
            VULMON: CVE-2018-11094 // 
            
            
            
            JVNDB: JVNDB-2018-005221 // 
            
            
            
            CNNVD: CNNVD-201805-454 // 
            
            
            
            NVD: CVE-2018-11094

SOURCES
db:CNVDid:CNVD-2018-09824
db:VULHUBid:VHN-120919
db:VULMONid:CVE-2018-11094
db:JVNDBid:JVNDB-2018-005221
db:CNNVDid:CNNVD-201805-454
db:NVDid:CVE-2018-11094

LAST UPDATE DATE
2024-11-23T22:34:17.048000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09824date:2018-05-18T00:00:00
db:VULHUBid:VHN-120919date:2018-06-22T00:00:00
db:VULMONid:CVE-2018-11094date:2018-06-22T00:00:00
db:JVNDBid:JVNDB-2018-005221date:2018-07-10T00:00:00
db:CNNVDid:CNNVD-201805-454date:2018-05-17T00:00:00
db:NVDid:CVE-2018-11094date:2024-11-21T03:42:39.967

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09824date:2018-05-18T00:00:00
db:VULHUBid:VHN-120919date:2018-05-15T00:00:00
db:VULMONid:CVE-2018-11094date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005221date:2018-07-10T00:00:00
db:CNNVDid:CNNVD-201805-454date:2018-05-16T00:00:00
db:NVDid:CVE-2018-11094date:2018-05-15T19:29:00.143