CVE-2018-6312 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Foxconn	Ap-Fc4064-T Firmware	ap_gt_b38_5.8.3lb15-w47_lte
Foxconn	Ap-Fc4064-T	-

Related Weaknesses (CWE)

CWE-521

References

https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8Third Party Advisory
https://gist.github.com/DrmnSamoLiu/cd1d6fa59501f161616686296aa4a6c8Third Party Advisory

FAQ

What is CVE-2018-6312?

CVE-2018-6312 is a vulnerability with a CVSS score of 7.2 (HIGH). A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interfac...

How severe is CVE-2018-6312?

CVE-2018-6312 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6312?

Check the references section above for vendor advisories and patch information. Affected products include: Foxconn Ap-Fc4064-T Firmware, Foxconn Ap-Fc4064-T.