Vulnerability Description
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adbglobal | Dv2210 Firmware | - |
| Adbglobal | Dv2210 | - |
| Adbglobal | Vv2220 Firmware | - |
| Adbglobal | Vv2220 | - |
| Adbglobal | Vv5522 Firmware | - |
| Adbglobal | Vv5522 | - |
| Adbglobal | Prg Av4202N Firmware | - |
| Adbglobal | Prg Av4202N | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2018/Jul/18 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/archive/1/542119/100/0/threaded (Third Party Advisory, VDB Entry)
- https://www.exploit-db.com/exploits/44982/ (Third Party Advisory, VDB Entry)
- https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-b (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-13109?
CVE-2018-13109 is a vulnerability with a CVSS score of 7.5 (HIGH). All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web int...
How severe is CVE-2018-13109?
CVE-2018-13109 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-13109?
Check the references section above for vendor advisories and patch information. Affected products include: Adbglobal Dv2210 Firmware, Adbglobal Dv2210, Adbglobal Vv2220 Firmware, Adbglobal Vv2220, Adbglobal Vv5522 Firmware.