ID

VAR-201906-0771


CVE

CVE-2017-8330


TITLE

Input validation vulnerability in the device firmware of multiple Securifi Almond products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014538

DESCRIPTION

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides UPnP functionality that lets other devices interface with the router. Passing the "NewInMessage" SOAP parameter with a huge payload appears to crash the process. If firmware version AL-R096 is dissected with the binwalk tool, we obtain a cpio-root archive containing the filesystem set up on the device, including all of its binaries. The binary "miniupnpd" contains the vulnerable function that receives the values sent in the SOAP request. Opening this binary in IDA Pro shows that it is in MIPS little-endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA Pro is identified as the one receiving the values sent in the SOAP request. The SOAP parameter "NewInMessage", received at address 0x0041DC30, causes the miniupnpd process to crash when a second request is sent to the same process. The firmware of Securifi Almond, Almond+, and Almond 2015 devices contains an input validation vulnerability that may result in a denial-of-service (DoS) condition. Securifi Almond is a wireless router with a touch screen. An attacker can exploit this vulnerability to crash the miniupnpd process.

Trust: 1.8

sources: NVD: CVE-2017-8330 // JVNDB: JVNDB-2017-014538 // VULHUB: VHN-116533 // VULMON: CVE-2017-8330

AFFECTED PRODUCTS

vendor: securifi, model: almond 2015, scope: eq, version: al-r096

Trust: 1.8

vendor: securifi, model: almond, scope: eq, version: al-r096

Trust: 1.8

vendor: securifi, model: almond+, scope: eq, version: al-r096

Trust: 1.0

vendor: securifi, model: almond+, scope: eq, version: al-r096

Trust: 0.8

sources: JVNDB: JVNDB-2017-014538 // NVD: CVE-2017-8330

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-8330
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8330
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-714
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116533
value: LOW

Trust: 0.1

VULMON: CVE-2017-8330
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-8330
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-116533
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-8330
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116533 // VULMON: CVE-2017-8330 // JVNDB: JVNDB-2017-014538 // CNNVD: CNNVD-201906-714 // NVD: CVE-2017-8330

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-116533 // JVNDB: JVNDB-2017-014538 // NVD: CVE-2017-8330

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-714

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201906-714

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014538

PATCH

title: almond, url: https://www.securifi.com/ja/almond

Trust: 0.8

title: almondplus, url: https://www.securifi.com/ja/almondplus

Trust: 0.8

title: almond-2015, url: https://www.securifi.com/ja/almond-2015

Trust: 0.8

title: Securifi Almond Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93899

Trust: 0.6

title: IoT_vulnerabilities, url: https://github.com/ethanhunnt/IoT_vulnerabilities

Trust: 0.1

sources: VULMON: CVE-2017-8330 // JVNDB: JVNDB-2017-014538 // CNNVD: CNNVD-201906-714

EXTERNAL IDS

db: NVD, id: CVE-2017-8330

Trust: 2.7

db: PACKETSTORM, id: 153227

Trust: 1.9

db: JVNDB, id: JVNDB-2017-014538

Trust: 0.8

db: CNNVD, id: CNNVD-201906-714

Trust: 0.7

db: VULHUB, id: VHN-116533

Trust: 0.1

db: VULMON, id: CVE-2017-8330

Trust: 0.1

sources: VULHUB: VHN-116533 // VULMON: CVE-2017-8330 // JVNDB: JVNDB-2017-014538 // PACKETSTORM: 153227 // CNNVD: CNNVD-201906-714 // NVD: CVE-2017-8330

REFERENCES

url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/securifi_almond_plus_sec_issues.pdf

Trust: 2.6

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:http://packetstormsecurity.com/files/153227/securifi-almond-2015-buffer-overflow-command-injection-xss-csrf.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8330

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8330

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ethanhunnt/iot_vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8333

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8329

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8328

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8331

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8334

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-8332

Trust: 0.1

sources: VULHUB: VHN-116533 // VULMON: CVE-2017-8330 // JVNDB: JVNDB-2017-014538 // PACKETSTORM: 153227 // CNNVD: CNNVD-201906-714 // NVD: CVE-2017-8330

CREDITS

Mandar Satam

Trust: 0.1

sources: PACKETSTORM: 153227

SOURCES

db: VULHUB, id: VHN-116533
db: VULMON, id: CVE-2017-8330
db: JVNDB, id: JVNDB-2017-014538
db: PACKETSTORM, id: 153227
db: CNNVD, id: CNNVD-201906-714
db: NVD, id: CVE-2017-8330

LAST UPDATE DATE

2024-11-23T21:52:10.511000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-116533, date: 2019-06-21T00:00:00
db: VULMON, id: CVE-2017-8330, date: 2019-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-014538, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-714, date: 2019-06-24T00:00:00
db: NVD, id: CVE-2017-8330, date: 2024-11-21T03:33:46.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-116533, date: 2019-06-18T00:00:00
db: VULMON, id: CVE-2017-8330, date: 2019-06-18T00:00:00
db: JVNDB, id: JVNDB-2017-014538, date: 2019-06-25T00:00:00
db: PACKETSTORM, id: 153227, date: 2019-06-07T15:06:02
db: CNNVD, id: CNNVD-201906-714, date: 2019-06-18T00:00:00
db: NVD, id: CVE-2017-8330, date: 2019-06-18T21:15:09.777