CVE-2018-13108 - OpenCVE

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Adbglobal	Vv2220 Prg Av4202n Vv2220 Firmware Vv5522 Prg Av4202n Firmware Dv2210 Firmware Vv5522 Firmware Dv2210

Configuration 1 [-]

AND

cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2018/Jul/17	Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/542117/100/0/threaded
https://www.exploit-db.com/exploits/44983/	Third Party Advisory VDB Entry
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-06T14:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2018-07-03T00:00:00

Link: CVE-2018-13108

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-06T14:29:01.053

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-13108

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-04T00:00:00", "descriptions": [{"lang": "en", "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Jul/17"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html"}, {"name": "44983", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44983/"}, {"name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/542117/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13108", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/17"}, {"name": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html"}, {"name": "44983", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44983/"}, {"name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/542117/100/0/threaded"}, {"name": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/", "refsource": "MISC", "url": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13108", "datePublished": "2018-07-06T14:00:00", "dateReserved": "2018-07-03T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:adbglobal:dv2210_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77BB710-A438-4103-9414-053669AE1E5A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:adbglobal:dv2210:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C413482-3B9F-43B6-BBEF-6798950BD3F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:adbglobal:vv2220_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "81AE15CE-5C84-42C1-86AD-3DE25D87671C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:adbglobal:vv2220:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB5F965B-9757-4AEF-B056-F3EC9CBED5AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:adbglobal:vv5522_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2E590FB-1395-4A3F-AFE5-9BA7FB06D791", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:adbglobal:vv5522:-:*:*:*:*:*:*:*", "matchCriteriaId": "359E299D-7BD3-4D4C-B9E6-D3922F96EF0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:adbglobal:prg_av4202n_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F838B4CD-0B34-45B7-A074-AEF007415D1D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:adbglobal:prg_av4202n:-:*:*:*:*:*:*:*", "matchCriteriaId": "57088CE6-970A-477F-93B4-A39498685358", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP."}, {"lang": "es", "value": "Todos los gateways/routers ADB basados en la plataforma Epicentro se han visto afectados por una vulnerabilidad local de root jailbreak en la que los atacantes pueden obtener acceso root en el dispositivo y extraer m\u00e1s informaci\u00f3n, como datos sensibles de configuraci\u00f3n del ISP (p. ej., credenciales VoIP) o atacar la red interna del ISP."}], "id": "CVE-2018-13108", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-06T14:29:01.053", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Jul/17"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/542117/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44983/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}