SB2018070914 - Privilege escalation in ADB Broadband Gateways / Routers
Published: July 9, 2018
Security Bulletin ID: SB2018070914
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-13108)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
2) Authorization bypass (CVE-ID: CVE-2018-13109)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in ADB broadband gateways / routers based on the Epicentro platform due to an authorization bypass. A local attacker can access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP), and can enable the TELNET server or change other settings as well.
3) Privilege escalation (CVE-ID: CVE-2018-13110)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in ADB broadband gateways / routers based on the Epicentro platform due to an unspecified flaw. A local attacker can gain access to the command line interface (CLI) even if it was previously disabled by the ISP, escalate privileges, and perform further attacks.
Remediation
Install the update from the vendor's website.