CVE-2019-13140
MEDIUM 6.5
Description
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 9/16/2019
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
intenogroup:eg200
intenogroup:eg200_firmware
Weaknesses (CWE)
CWE-552
References
http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html (cve@mitre.org)
https://twitter.com/GerardFuguet/status/1169298861782896642 (cve@mitre.org)
https://www.exploit-db.com/docs/47397 (cve@mitre.org)
https://www.exploit-db.com/exploits/47390 (cve@mitre.org)
http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html (af854a3a-2127-422b-91ae-364da2661108)
https://twitter.com/GerardFuguet/status/1169298861782896642 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/docs/47397 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/47390 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.