Sign-up

ID

VAR-201810-1148


CVE

CVE-2018-3953


TITLE

Linksys E1200 Firmware and Linksys E2500 In firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013728

DESCRIPTION

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin. An attacker can exploit this vulnerability to execute arbitrary commands on the system by sending a specially crafted request

Trust: 2.25

sources: NVD: CVE-2018-3953 // JVNDB: JVNDB-2018-013728 // CNVD: CNVD-2019-22778 // VULHUB: VHN-133984

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-22778

AFFECTED PRODUCTS

vendor:linksysmodel:e1200scope:eqversion:2.0.09

Trust: 1.0

vendor:linksysmodel:e2500scope:eqversion:3.0.04

Trust: 1.0

vendor:cisco linksysmodel:e1200scope:eqversion:2.0.09

Trust: 0.8

vendor:cisco linksysmodel:e2500scope:eqversion:3.0.04

Trust: 0.8

vendor:belkinmodel:linksys e2500scope:eqversion:3.0.04

Trust: 0.6

vendor:belkinmodel:linksys e1200scope:eqversion:2.0.09

Trust: 0.6

sources: CNVD: CNVD-2019-22778 // JVNDB: JVNDB-2018-013728 // NVD: CVE-2018-3953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3953
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2018-3953
value: HIGH

Trust: 1.0

NVD: CVE-2018-3953
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-22778
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-794
value: HIGH

Trust: 0.6

VULHUB: VHN-133984
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3953
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-22778
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133984
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2018-3953
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-3953
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-22778 // VULHUB: VHN-133984 // JVNDB: JVNDB-2018-013728 // CNNVD: CNNVD-201810-794 // NVD: CVE-2018-3953 // NVD: CVE-2018-3953

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-133984 // JVNDB: JVNDB-2018-013728 // NVD: CVE-2018-3953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-794

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201810-794

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013728

PATCH
title:Top Pageurl:https://www.linksys.com/us/
Trust: 0.8
title:Patch for LinksysE1200 and E2500 Operating System Command Injection Vulnerability (CNVD-2019-22778)url:https://www.cnvd.org.cn/patchInfo/show/169113
Trust: 0.6
title:Linksys E1200  and E2500 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85867
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-22778 // 
            
            
            
            JVNDB: JVNDB-2018-013728 // 
            
            
            
            CNNVD: CNNVD-201810-794

EXTERNAL IDS
db:NVDid:CVE-2018-3953
Trust: 3.1
db:TALOSid:TALOS-2018-0625
Trust: 2.5
db:JVNDBid:JVNDB-2018-013728
Trust: 0.8
db:CNNVDid:CNNVD-201810-794
Trust: 0.7
db:CNVDid:CNVD-2019-22778
Trust: 0.6
db:VULHUBid:VHN-133984
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-22778 // 
            
            
            
            VULHUB: VHN-133984 // 
            
            
            
            JVNDB: JVNDB-2018-013728 // 
            
            
            
            CNNVD: CNNVD-201810-794 // 
            
            
            
            NVD: CVE-2018-3953

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2018-0625
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-3953
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3953
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-22778 // 
            
            
            
            VULHUB: VHN-133984 // 
            
            
            
            JVNDB: JVNDB-2018-013728 // 
            
            
            
            CNNVD: CNNVD-201810-794 // 
            
            
            
            NVD: CVE-2018-3953

SOURCES
db:CNVDid:CNVD-2019-22778
db:VULHUBid:VHN-133984
db:JVNDBid:JVNDB-2018-013728
db:CNNVDid:CNNVD-201810-794
db:NVDid:CVE-2018-3953

LAST UPDATE DATE
2024-11-23T22:21:54.760000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-22778date:2019-07-16T00:00:00
db:VULHUBid:VHN-133984date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2018-013728date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-794date:2022-04-20T00:00:00
db:NVDid:CVE-2018-3953date:2024-11-21T04:06:22.467

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-22778date:2019-07-16T00:00:00
db:VULHUBid:VHN-133984date:2018-10-17T00:00:00
db:JVNDBid:JVNDB-2018-013728date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-794date:2018-10-17T00:00:00
db:NVDid:CVE-2018-3953date:2018-10-17T02:29:01.420