CVE-2018-13109

moderate-risk

Published 2018-07-06

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

Do I need to act?

5.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

44982

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (4)

Dv2210 Firmware

Vv2220 Firmware

Vv5522 Firmware

Prg Av4202N Firmware

Affected Vendors

Adbglobal

References (10)

Third Party Advisory http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

Mailing List http://seclists.org/fulldisclosure/2018/Jul/18

Third Party Advisory http://www.securityfocus.com/archive/1/542119/100/0/threaded

Third Party Advisory https://www.exploit-db.com/exploits/44982/

Exploit https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-b...

Third Party Advisory http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

Mailing List http://seclists.org/fulldisclosure/2018/Jul/18

Third Party Advisory http://www.securityfocus.com/archive/1/542119/100/0/threaded

Third Party Advisory https://www.exploit-db.com/exploits/44982/

Exploit https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-b...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 8/34 · Low

Exposure 10/34 · Low