CVE-2018-13109 Information

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g. by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html http://seclists.org/fulldisclosure/2018/Jul/18 http://www.securityfocus.com/archive/1/542119/100/0/threaded https://www.exploit-db.com/exploits/44982/ https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5