CVE-2018-20512 - OpenCVE

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cdatatec	Fd600-301gw Fd600-108f-hz500 Fd600-304 Epon Cpe-wifi Devices Firmware Fd404gw Fd600-104 Fd111hz Fd404gh Fd214gh Fd111y Fd114y Fd600-304ga-hr511 Fd600-104g Fd212h Fd600-111gw Fd600-304ga-hr500 Fd600-521g Fd600-111g Fd214gw Fd108bn Fd212gw Fd600-301

Configuration 1 [-]

AND

cpe:2.3:o:cdatatec:epon_cpe-wifi_devices_firmware:2.0.4-x000:*:*:*:*:*:*:*

OR	cpe:2.3:h:cdatatec:fd108bn:-:::::::*
	cpe:2.3:h:cdatatec:fd111hz:-:::::::*
	cpe:2.3:h:cdatatec:fd111y:-:::::::*
	cpe:2.3:h:cdatatec:fd114y:-:::::::*
	cpe:2.3:h:cdatatec:fd212gw:-:::::::*
	cpe:2.3:h:cdatatec:fd212h:-:::::::*
	cpe:2.3:h:cdatatec:fd214gh:-:::::::*
	cpe:2.3:h:cdatatec:fd214gw:-:::::::*
	cpe:2.3:h:cdatatec:fd404gh:-:::::::*
	cpe:2.3:h:cdatatec:fd404gw:-:::::::*
	cpe:2.3:h:cdatatec:fd600-104:-:::::::*
	cpe:2.3:h:cdatatec:fd600-104g:-:::::::*
	cpe:2.3:h:cdatatec:fd600-108f-hz500:-:::::::*
	cpe:2.3:h:cdatatec:fd600-111g:-:::::::*
	cpe:2.3:h:cdatatec:fd600-111gw:-:::::::*
	cpe:2.3:h:cdatatec:fd600-301:-:::::::*
	cpe:2.3:h:cdatatec:fd600-301gw:-:::::::*
	cpe:2.3:h:cdatatec:fd600-304:-:::::::*
	cpe:2.3:h:cdatatec:fd600-304ga-hr500:-:::::::*
	cpe:2.3:h:cdatatec:fd600-304ga-hr511:-:::::::*
	cpe:2.3:h:cdatatec:fd600-521g:-:::::::*

References

Link	Resource
https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-03T19:00:00

Updated: 2019-01-03T18:57:01

Reserved: 2018-12-27T00:00:00

Link: CVE-2018-20512

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-03T19:29:01.600

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-20512

JSON object: View

Redhat Information

No data.

CWE

CWE-565

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cdatatec:epon_cpe-wifi_devices_firmware:2.0.4-x000:*:*:*:*:*:*:*", "matchCriteriaId": "9B09F37C-DD48-4521-80AC-5CC6C4E0592A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cdatatec:fd108bn:-:*:*:*:*:*:*:*", "matchCriteriaId": "059A46C6-019C-4AD9-B70D-72C71EFC1C62", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd111hz:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B687326-8CC1-4D29-B0C2-D5B524E3C4AE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd111y:-:*:*:*:*:*:*:*", "matchCriteriaId": "6373AE4B-251A-447F-97C4-2CF802B9EF99", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd114y:-:*:*:*:*:*:*:*", "matchCriteriaId": "30E247D5-66FD-4048-A706-A4A69EEC545F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd212gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DA42B30-7BA7-4040-A41C-943ECA50A9AC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd212h:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4D4CFE0-B851-44D0-8918-F6943E1E7114", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd214gh:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDB25AF3-6D75-4C8A-8BEF-0360DC527E8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd214gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "D600CA55-EC90-403A-A8D8-7DC7A83F2A58", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd404gh:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F0D7A39-0BBA-4E55-9DEC-305CD352D9B5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd404gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "046870DC-BB77-45A1-A798-9A642E119E1B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-104:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EB2EE72-3732-429D-AEF4-EA2B15E54BB7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-104g:-:*:*:*:*:*:*:*", "matchCriteriaId": "B43812BD-AC94-48E2-B322-1051D461AAF5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-108f-hz500:-:*:*:*:*:*:*:*", "matchCriteriaId": "24028EF6-AE1F-4D0D-A761-589E23397033", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-111g:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4D9682C-A827-42E0-88D2-1326B01CA34C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-111gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "F385EA69-68BC-45E6-934E-22DA277A8955", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-301:-:*:*:*:*:*:*:*", "matchCriteriaId": "37861E94-1776-452E-9D84-5B2437458042", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-301gw:-:*:*:*:*:*:*:*", "matchCriteriaId": "7227B0D5-65E5-4206-889E-6D6AD7A38052", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-304:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAA7FBA2-0BF4-4FE4-B2AC-1A72C5D8AF16", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-304ga-hr500:-:*:*:*:*:*:*:*", "matchCriteriaId": "B554BF64-C14F-4BA1-937D-1927F073D69D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-304ga-hr511:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FF01F62-EAD9-4503-A5A4-AE35D0779463", "vulnerable": false}, {"criteria": "cpe:2.3:h:cdatatec:fd600-521g:-:*:*:*:*:*:*:*", "matchCriteriaId": "0651E102-3393-4775-A70A-03E0B232DF53", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies."}, {"lang": "es", "value": "Los dispositivos EPON CPE-WiFi 2.0.4-X000 son vulnerables a un escalado de privilegios enviando cookies de cooLogin=1, cooUser=admin y timestamp=-1."}], "id": "CVE-2018-20512", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-03T19:29:01.600", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_technologies_epon_cpewifi/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-565"}], "source": "nvd@nist.gov", "type": "Primary"}]}