Vulnerability-Lookup

CNVD-2018-22245

Vulnerability from cnvd - Published: 2018-10-31

Title

EE 4GEE HH70 Home Router硬编码Root SSH凭证漏洞

Description

EE 4GEE HH70 Home Router是一款家庭路由器。 EE 4GEE HH70 Home Router存在硬编码Root SSH凭证漏洞，具有默认密码（oelinux123）的攻击者可以作为root用户通过SSH登录路由器，这可能会导致系统的机密性，完整性和可用性丧失。

Severity

高

Patch Name

EE 4GEE HH70 Home Router硬编码Root SSH凭证漏洞的补丁

Patch Description

EE 4GEE HH70 Home Router是一款家庭路由器。 EE 4GEE HH70 Home Router存在硬编码Root SSH凭证漏洞，具有默认密码（oelinux123）的攻击者可以作为root用户通过SSH登录路由器，这可能会导致系统的机密性，完整性和可用性丧失。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-router/details

Reference

https://seclists.org/fulldisclosure/2018/Oct/52

Impacted products

Name
EE Limited 4GEE Router HH70VB-2BE8GB3 (HH70VB) HH70_E1_02.00_19

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10532"
    }
  },
  "description": "EE 4GEE HH70 Home Router\u662f\u4e00\u6b3e\u5bb6\u5ead\u8def\u7531\u5668\u3002\n\nEE 4GEE HH70 Home Router\u5b58\u5728\u786c\u7f16\u7801Root SSH\u51ed\u8bc1\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\uff08oelinux123\uff09\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4f5c\u4e3aroot\u7528\u6237\u901a\u8fc7SSH\u767b\u5f55\u8def\u7531\u5668\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u4e27\u5931\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-router/details",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22245",
  "openTime": "2018-10-31",
  "patchDescription": "EE 4GEE HH70 Home Router\u662f\u4e00\u6b3e\u5bb6\u5ead\u8def\u7531\u5668\u3002\r\n\r\nEE 4GEE HH70 Home Router\u5b58\u5728\u786c\u7f16\u7801Root SSH\u51ed\u8bc1\u6f0f\u6d1e\uff0c\u5177\u6709\u9ed8\u8ba4\u5bc6\u7801\uff08oelinux123\uff09\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4f5c\u4e3aroot\u7528\u6237\u901a\u8fc7SSH\u767b\u5f55\u8def\u7531\u5668\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u4e27\u5931\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EE 4GEE HH70 Home Router\u786c\u7f16\u7801Root SSH\u51ed\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EE Limited 4GEE Router HH70VB-2BE8GB3 (HH70VB) HH70_E1_02.00_19"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Oct/52",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-31",
  "title": "EE 4GEE HH70 Home Router\u786c\u7f16\u7801Root SSH\u51ed\u8bc1\u6f0f\u6d1e"
}

CVE-2018-10532 (GCVE-0-2018-10532)

Vulnerability from cvelistv5 – Published: 2018-10-30 18:00 – Updated: 2024-08-05 07:39

Summary

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://www.theregister.co.uk/2018/10/26/ee_4gee_…	x_refsource_MISC
https://blog.jameshemmings.co.uk/2018/10/24/4gee-…	x_refsource_MISC

Date Public

2018-10-24 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the \"core_app\" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the \"AP Isolation\" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-30T17:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the \"core_app\" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the \"AP Isolation\" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/",
              "refsource": "MISC",
              "url": "https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/"
            },
            {
              "name": "https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/",
              "refsource": "MISC",
              "url": "https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10532",
    "datePublished": "2018-10-30T18:00:00.000Z",
    "dateReserved": "2018-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:39:08.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-22245

CVE-2018-10532 (GCVE-0-2018-10532)

Tags

Sightings

Nomenclature