CVE-2016-10372 Information
Share on:
Feb 14, 2021
cve
Description
The Eir D1000 modem does not properly restrict the TR-064 protocol which allows remote attackers to execute arbitrary commands via TCP port 7547 as demonstrated by opening WAN access to TCP port 80 retrieving the login password (which defaults to the Wi-Fi password) and using the NewNTPServer feature.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/ https://ghostbin.com/paste/q2vq2 https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8