CVE-2018-18473

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.

Ссылки

https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt
Exploit
Third Party Advisory
https://www.patlite.com/support/Security_Informationtest.html
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt
Exploit
Third Party Advisory
https://www.patlite.com/support/Security_Informationtest.html

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:patlite:nbm-d88n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:patlite:nbm-d88n:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:patlite:nhl-3fb1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:patlite:nhl-3fb1:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:patlite:nhl-3fv1n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:patlite:nhl-3fv1n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07003

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-2frq-p9c8-qr2h

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 91%

0.07003

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798