Описание
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:intenogroup:eg200_firmware:eg200-wu7p1u_adamo3.16.4-190226_1650:*:*:*:*:*:*:*
cpe:2.3:h:intenogroup:eg200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01158
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
EPSS
Процентиль: 78%
0.01158
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-552