Authorization bypass in Advanced Digital Broadcast products - CVE-2018-13109
Published: July 9, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU13616
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-13109
CWE-ID: CWE-862
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Advanced Digital Broadcast
Affected software:
ADB VV 2220
ADB VV 5522
ADB DV 2210
ADB P.RG AV4202N
ADB VV 2220
ADB VV 5522
ADB DV 2210
ADB P.RG AV4202N
Detailed vulnerability description
The vulnerability allows a local attacker can gain elevated privileges on the target system.
The weakness exists in ADB broadband gateways / routers based on the Epicentro platform due to authorization bypass. A local attacker can access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP) and enable the TELNET server or other settings as well.
How to mitigate CVE-2018-13109
Install update from vendor's website.