Vulnerabilities > CVE-2018-13109 - Incorrect Authorization vulnerability in Adbglobal products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| Hardware | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ADB Broadband Gateways / Routers - Authorization Bypass. CVE-2018-13109. Webapps exploit for Hardware platform. Tags: Authentication Bypass / Credentials Byp... |
| file | exploits/hardware/webapps/44982.txt |
| id | EDB-ID:44982 |
| last seen | 2018-07-05 |
| modified | 2018-07-05 |
| platform | hardware |
| port | 80 |
| published | 2018-07-05 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/44982/ |
| title | ADB Broadband Gateways / Routers - Authorization Bypass |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148429/SA-20180704-1.txt |
| id | PACKETSTORM:148429 |
| last seen | 2018-07-06 |
| published | 2018-07-04 |
| reporter | Johannes Greil |
| source | https://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html |
| title | ADB Authorization Bypass |
References
- https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/
- http://seclists.org/fulldisclosure/2018/Jul/18
- http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html
- https://www.exploit-db.com/exploits/44982/
- http://www.securityfocus.com/archive/1/542119/100/0/threaded